Venafi Co-Authors New NIST Report on Managing & Securing SSH Keys
Salt Lake City, UT
December 1, 2015
Published Guidance Offers Enterprises Advice on How to Identify and Protect Against Root-Level Compromises
Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, announced today the publication of a new National Institute on Standards and Technology (NIST) report entitled, “Security of Interactive and Automated Access Management Using Secure Shell (SSH).” NIST partnered with Venafi and others to coauthor the report to raise awareness of the major vulnerabilities associated with SSH user key management and provide concrete steps for securing and protecting their SSH systems and environments.
“A compromised cryptographic secure shell or SSH key is by far one of the worst case breach scenarios for any enterprise. Once an attacker has root-level or privileged access, they have the keys to the kingdom to completely take over an entire network or system and compromise it however they want,” said Kevin Bocek, Vice President of Security Strategy & Threat Intelligence at Venafi. “At Venafi, we’ve been educating our customers for the past decade on the importance of securing and protecting their SSH keys. We’re therefore pleased to contribute to this valuable report that will help educate security professionals about the risks associated with unsecured SSH keys and give them proper guidance on what steps they should take to best protect their systems.”
“Because SSH plays such an important role in securing administrative and automated access to a wide variety of systems across organizations of all sizes, it is critical to have a comprehensive set of policies, processes, and technical security controls in place for the proper management and oversight of SSH keys and configuration,” says Matthew Scholl chief of the National Institute of Standards and Technology’s computer security division.
Research from Venafi and The Ponemon Institute found that 3 out of 4 Global 2000 organizations have no security system for SSH, leaving the door open for rogue, root-level access and data compromises, and nearly half of all enterprises never rotate or change SSH keys. This makes their networks, servers, and cloud systems completely owned by malicious actors when SSH keys are stolen and misused.
Notable SSH compromises in the past few years include:
In 2014, Kaspersky Labs revealed The Mask operation (Careto) compromises over a seven year period where a sophisticated, organized crime group in Spain carried out an APT-style attack using multiple attack methods to steal data from governments and businesses. This group was known to steal SSH keys used to authenticate administrators, servers, virtual machines, and cloud services.
In June 2015, Cisco announced it had default SSH keys deployed on three of its security appliances which left its customers at risk of an unauthenticated remote attacker being able to intercept traffic or gain access to vulnerable systems with root privileges.
The NIST publication describes several SSH vulnerability areas commonly found in enterprises, including:
Vulnerable SSH implementation
Improperly configured access controls
Stolen, leaked, derived, and unterminated SSH user keys
Backdoors (unaudited user keys)
Unintended usage of user keys
Lack of knowledge and human errors
It provides recommended steps to manage SSH keys, including:
Define SSH Key-Based Life Cycle and Termination Policies and Processes. Configuring access to an account for interactive users and automated processes should be a judged decision, balancing the need for access against the risks, and should include consideration of the level of access required.
Establish Continuous Monitoring and Audit Processes. The purpose of continuous monitoring is to ensure that the processes for provisioning, life cycle management, and termination are followed and enforced. Unauthorized and misconfigured SSH user keys should be detected.
Inventory and Remediate Existing SSH Servers, Keys, and Trust Relationships. Existing legacy keys pose a substantial security risk and make risk analysis difficult if they are not understood. An inventory of the location of all existing SSH keys and an inventory of trust relationships must be created and evaluated against defined policies.
Automate Processes. The automation of the processes involved in the management of SSH key-based access can significantly improve security, efficiency, and availability.
Educate Executive Management. Many executives are not aware of the central role SSH keys play in the operation of mission critical infrastructure and the significant breaches that can occur if they are exploited. Without sufficient executive education for both security and operationally focused executives, SSH key management initiatives can get derailed by other seemingly higher priorities, leaving an organization vulnerable.
Added Bocek, “Most IT and security professionals don’t realize that SSH keys can provide root-level access and don’t expire—ever. So once an attacker has stolen an SSH key, they will likely have perpetual backdoor access. That’s why it’s critically important that enterprises take action now to protect their SSH keys and review this NIST guideline.”