Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, announced today the publication of a new National Institute on Standards and Technology (NIST) report entitled, “Security of Interactive and Automated Access Management Using Secure Shell (SSH).” NIST partnered with Venafi and others to coauthor the report to raise awareness of the major vulnerabilities associated with SSH user key management and provide concrete steps for securing and protecting their SSH systems and environments.
“A compromised cryptographic secure shell or SSH key is by far one of the worst case breach scenarios for any enterprise. Once an attacker has root-level or privileged access, they have the keys to the kingdom to completely take over an entire network or system and compromise it however they want,” said Kevin Bocek, Vice President of Security Strategy & Threat Intelligence at Venafi. “At Venafi, we’ve been educating our customers for the past decade on the importance of securing and protecting their SSH keys. We’re therefore pleased to contribute to this valuable report that will help educate security professionals about the risks associated with unsecured SSH keys and give them proper guidance on what steps they should take to best protect their systems.”
“Because SSH plays such an important role in securing administrative and automated access to a wide variety of systems across organizations of all sizes, it is critical to have a comprehensive set of policies, processes, and technical security controls in place for the proper management and oversight of SSH keys and configuration,” says Matthew Scholl chief of the National Institute of Standards and Technology’s computer security division.
Research from Venafi and The Ponemon Institute found that 3 out of 4 Global 2000 organizations have no security system for SSH, leaving the door open for rogue, root-level access and data compromises, and nearly half of all enterprises never rotate or change SSH keys. This makes their networks, servers, and cloud systems completely owned by malicious actors when SSH keys are stolen and misused.
Notable SSH compromises in the past few years include:
The NIST publication describes several SSH vulnerability areas commonly found in enterprises, including:
It provides recommended steps to manage SSH keys, including:
Added Bocek, “Most IT and security professionals don’t realize that SSH keys can provide root-level access and don’t expire—ever. So once an attacker has stolen an SSH key, they will likely have perpetual backdoor access. That’s why it’s critically important that enterprises take action now to protect their SSH keys and review this NIST guideline.”
To view a full copy of the NIST report, please visit: http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.7966.pdf