Secure Shell (SSH) is a security protocol broadly used by organizations of all types. As such, SSH is used by administrators to remotely manage Unix/Linux servers, routers and firewalls as well as many other systems.
Despite its importance, most organizations have limited, or no, formal SSH policies or management in place. Unfortunately, this means cyber criminals can easily abuse SSH keys that secure and automate administrator-to-machine and machine-to-machine access to critical business functions.
Venafi recently conducted a study that evaluated how organizations manage and implement SSH in their environments. Over 400 IT security professionals with in-depth knowledge of SSH participated, however, the study reveals a widespread lack of SSH security controls.
For example, 63% of the study respondents admit they do not actively rotate keys, even when an administrator leaves their organization, which can allow the former employees to have ongoing, privileged access to critical systems.
Additional highlights from the study:
“A compromised SSH key in the wrong hands can be extremely dangerous,” said Nick Hunter, senior technical manager for Venafi. “Cybercriminals can use them to access systems from remote locations, evade security tools, and often use the same key to access more systems. Based on these results, it’s very clear that most organizations have not implemented SSH security policies and restricted SSH access configurations because they do not understand the risks of SSH and how it affects their security posture.”
Are you protecting your SSH keys?