Skip to main content
banner image
venafi logo

SSH Keys—Lowest Cost, Highest Risk Security Tool

SSH Keys—Lowest Cost, Highest Risk Security Tool

October 13, 2017 | Christine Drake

Generating SSH keys is free, but poor SSH key practices expose businesses to costly risk. It takes just one SSH key for a cybercriminal to access an organization’s network and pivot to gain further access to the most sensitive systems and data.

When do SSH keys become a liability? SSH keys are often used for routine administrative tasks by system administrators, but are also used for secure machine-to-machine automation of critical business functions. However, the SSH keys themselves are often left unprotected, leaving organizations vulnerable to unauthorized privileged access.

At ISACA Cybersecurity Nexus (CSX) 2017 Europe conference, the Head of the Global Security Architect team at Venafi, Mike Dodson, will share the potential risks of allowing system administrators to configure and manage their own SSH keys—namely through ad hoc processes that use inconsistent security practices. Many keys are left unused and unmonitored, and some walk out the door with prior employees—whether maliciously or innocently. With no expiration and a lack of lifecycle management, enterprises can wind up with literally millions of SSH keys and a broad attack surface.

In his presentation, Mike will challenge you to consider how much security you place around passwords and how often you rotate them. Then, he’ll ask you to compare that to your SSH keys—the credentials that provide the most privileged access. You’ll hear the common mistakes that almost all enterprises make around security, policy, and auditing practices when managing SSH keys, supported by current survey results. Plus, you’ll discover the SSH key risks that are not addressed by IAM/PAM solutions and why they are probably some of the biggest risks in your environment. Finally, you’ll learn how to take SSH keys from an operational liability to a security asset.

In his CSX session, Mike will pull from real-world SSH security projects to illustrate how many enterprises wind up with millions of SSH keys. You’ll explore all-too-common pitfalls in SSH key management as well as best practices to avoid them, including topics like these:

  • How cybercriminals are exploiting SSH keys to gain unauthorized privileged access.
  • How SSH keys provide the ideal mechanism for cyber criminals to pivot through your environment, and how to control it.
  • Why PAM solutions don’t protect against SSH key risks.
  • How to develop a plan to incorporate best practices into SSH key management

Interested in learning more? See Mike Dodson present at CSX 2017 Europe, October 30-Novemer 1, 2017 in London, UK.

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Threats in encrypted tunnels

Threats Are Hiding in Encrypted Traffic on Your Network

Going Undetected: How Cybercriminals, Hacktivists, and Nation States Misuse Digital Certificates

generic_blog_banner_image

Poor Privileged Access Management Poses Big Security Problems

About the author

Christine Drake
Christine Drake

Christine Drake writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat