Skip to main content
banner image
venafi logo

SSH Study: Who’s Auditing Your SSH Entitlements?

SSH Study: Who’s Auditing Your SSH Entitlements?

Audit ssh entitlements
November 15, 2017 | Eva Hanscom

Cyber criminals, such as malicious insiders, often use SSH keys to access systems from remote locations, evade security tools and escalate privileges. Auditing SSH entitlements as part of Privileged Access Management (PAM) policies can help organizations understand how well they control access to sensitive data.

Unfortunately, SSH entitlements are often not included in PAM policies, and thus are rarely audited. Without proper auditing and effective SSH security policies, SSH key weaknesses can go undetected, leaving organizations vulnerable to a wide range of cybersecurity attacks.

Venafi recently conducted a study that evaluated how organizations manage and implement SSH in their environments. Over 400 IT security professionals with in-depth knowledge of SSH participated, however, the study reveals a widespread lack of SSH audits. For example, 55% of the respondents said SSH entitlements are not featured in their PAM policies.

Additional highlights from the study:

  • Only a third (33%) of respondents said auditors review SSH key rotation and retirement policies.
    • Although SSH grants privileged access in the same ways that passwords do, they are rarely audited.
       
  • Less than half (46%) of respondents said auditors review the control of authorized key files.
    • When SSH access is not limited to approved systems, attackers with SSH access can move easily across enterprise networks and remain undetected.
       
  • Just 43% of respondents said auditors review their port forwarding policy.
    • If port forwarding is not limited, malicious actors can use it to create encrypted connections that evade most security controls.
       
  • More than one-quarter (27%) of respondents said that none of these critical SSH best practices are audited.
    • Without visibility into the efficacy of SSH security practices, organizations cannot accurately measure their security posture.

“Proper oversight from auditors and policy makers would go a long way toward helping organizations understand SSH security risks,” said Steven Armstrong, enterprise information security and risk management consultant and former Federal Reserve Bank Examiner. “Sadly, without detailed insight into the impact of lax SSH policy enforcement, most organizations do not have the information or the catalysts they need to strengthen SSH security.”

Are you auditing your SSH keys?

Like this blog? We think you will love this.
image of a thief reaching out from a laptop screen to grab the arm of a businessman on the other side of the screen
Featured Blog

Holiday Shoppers Beware: Look-Alike Domains Are Targeting Your Wallet

But just how prominent are these look-alike domains?

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Eva Hanscom
Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat