Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

9/13/2017
02:30 PM
Kelly Sheridan
Kelly Sheridan
Quick Hits
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Businesses Fail to Properly Secure, Assess SSH: ISACA

Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.

Most businesses use the Secure Shell (SSH) technology, a cryptographic protocol designed to enable secure file transfers and remote communications. However, it's rare they appropriately secure, document, routinely assess, and manage SSH, as reported in a new ISACA paper released Tuesday.

SSH was developed as a secure alternative to telnet and rsh/rexec. It's primarily used to allow a remote command shell (for example, the Bourne shell or C shell) over a network connection. It also allows port-forwarding capability and implements SFTP to allow secure file transfer.

It's essential for security leaders to ensure SSH is securely deployed and monitor its usage so it continues to protect against man-in-the-middle attacks, isn't misused by privileged insiders, or any number of other troubles. However, ISACA points out several challenges in doing all this well.

For one, businesses are struggling to manage and track SSH cryptographic keys. SSH is natively supported by Amazon Web Services, Google Cloud, and other service providers that offer virtual Linux hosts. Each SSH server has its own key to authenticate the device to clients and as SSH hosts increase on premise and in the cloud, complexities of key management will grow.

There is also a challenge in deciding who is responsible for SSH keys. Usually it's unclear who should handle tasks like managing key inventory and usage, a complexity that underscores the need to integrate controls and processes into broader control management, ISACA explains.

SSH is critical from a security perspective but generally invisible to the business; as a result, executives tend to overlook it. It's necessary for system administrators to operate, but how it's managed doesn't usually affect business processes. This can make it tough to ensure SSH gets executive attention and is addressed in risk management and audit planning.

Read more about SSH challenges and considerations by looking at the full report here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Artist Uses Malware in Installation
Dark Reading Staff 5/17/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168
PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170
PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...