Vulnerabilities / Threats

10/20/2017
01:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Study: 61 Percent of Organizations Have Minimal Control of SSH Privileged Access

Only 35 percent rotate SSH keys as an automated process when administrators leave or are reassigned

SALT LAKE CITY, UT – October 17, 2017: Venafi®, the leading provider of machine identity protection, today announced the results of a study that evaluates how organizations manage and implement Secure Shell (SSH) in their environments. Over 410 IT security professionals participated in the study, which reveals a widespread lack of SSH security controls.

Cybercriminals can abuse SSH keys to secure and automate administrator-to-machine and machine-to-machine access to critical business functions. According to Venafi’s research, even though SSH keys provide the highest levels of administrative access they are routinely untracked, unmanaged and poorly secured. For example, 63 percent of respondents admit they do not actively rotate keys, even when an administrator leaves their organization, allowing them to have ongoing privileged access to critical systems.

“A compromised SSH key in the wrong hands can be extremely dangerous,” said Nick Hunter, senior technical manager for Venafi. “Cybercriminals can use them to access systems from remote locations, evade security tools, and often use the same key to access more systems. Based on these results, it’s very clear that most organizations have not implemented SSH security policies and restricted SSH access configurations because they do not understand the risks of SSH and how it affects their security posture.”

Key study findings:

  • Sixty-one percent of respondents do not limit or monitor the number of administrators who manage SSH; only 35 percent enforce policies that prohibit SSH users from configuring their authorized keys leaving organizations blind to abuse from malicious insiders.
  • Ninety percent of the respondents said they do not have a complete and accurate inventory of all SSH keys so there is no way to determine if keys have been stolen, misused or should not be trusted.
  • Just twenty-three percent of respondents rotate keys on a quarterly or more frequent basis. Forty percent said that they don’t rotate keys at all or only do so occasionally. Attackers that gain access to SSH keys will have ongoing privileged access until keys are rotated.
  • Fifty-one percent of respondents said they do not enforce “no port forwarding” for SSH.  Port forwarding allows users to effectively bypass the firewalls between systems so a cybercriminal with SSH access can rapidly pivot across network segments.
  • Fifty-four percent of respondents do not limit the locations from which SSH keys can be used.  For applications that don’t move, restricting SSH use to a specific IP address can stop cybercriminals from using a compromised SSH key remotely.

 

The study was conducted by Dimensional Research and completed in July 2017. It analyzed responses from four hundred eleven IT and security professionals with in-depth knowledge of SSH from the United States, United Kingdom and Germany.

Additional Resources:

eBook: How Safe are Your SSH Keys?

Executive Brief: 2017 SSH Study

Solution Brief: Manage and Secure SSH Keys

Blog: Best Practices for SSH Key Management: What Are Your SSH Security Risks?

About Venafi

Venafi is the cybersecurity market leader in machine identity protection, securing all connections and communications between machines. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise —on premises, mobile, virtual, cloud and IoT — at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 5000 organizations, including the top five U.S. health insurers, the top five U.S. airlines, four of the top five U.S., U.K. and South African banks, and four of the top five U.S. retailers. For more information, visit http://venafi.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12242
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
CVE-2018-12243
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths i...
CVE-2018-14792
PUBLISHED: 2018-09-19
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
CVE-2018-16607
PUBLISHED: 2018-09-19
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVE-2018-16785
PUBLISHED: 2018-09-19
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell