Vulnerabilities / Threats

10/20/2017
01:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Study: 61 Percent of Organizations Have Minimal Control of SSH Privileged Access

Only 35 percent rotate SSH keys as an automated process when administrators leave or are reassigned

SALT LAKE CITY, UT – October 17, 2017: Venafi®, the leading provider of machine identity protection, today announced the results of a study that evaluates how organizations manage and implement Secure Shell (SSH) in their environments. Over 410 IT security professionals participated in the study, which reveals a widespread lack of SSH security controls.

Cybercriminals can abuse SSH keys to secure and automate administrator-to-machine and machine-to-machine access to critical business functions. According to Venafi’s research, even though SSH keys provide the highest levels of administrative access they are routinely untracked, unmanaged and poorly secured. For example, 63 percent of respondents admit they do not actively rotate keys, even when an administrator leaves their organization, allowing them to have ongoing privileged access to critical systems.

“A compromised SSH key in the wrong hands can be extremely dangerous,” said Nick Hunter, senior technical manager for Venafi. “Cybercriminals can use them to access systems from remote locations, evade security tools, and often use the same key to access more systems. Based on these results, it’s very clear that most organizations have not implemented SSH security policies and restricted SSH access configurations because they do not understand the risks of SSH and how it affects their security posture.”

Key study findings:

  • Sixty-one percent of respondents do not limit or monitor the number of administrators who manage SSH; only 35 percent enforce policies that prohibit SSH users from configuring their authorized keys leaving organizations blind to abuse from malicious insiders.
  • Ninety percent of the respondents said they do not have a complete and accurate inventory of all SSH keys so there is no way to determine if keys have been stolen, misused or should not be trusted.
  • Just twenty-three percent of respondents rotate keys on a quarterly or more frequent basis. Forty percent said that they don’t rotate keys at all or only do so occasionally. Attackers that gain access to SSH keys will have ongoing privileged access until keys are rotated.
  • Fifty-one percent of respondents said they do not enforce “no port forwarding” for SSH.  Port forwarding allows users to effectively bypass the firewalls between systems so a cybercriminal with SSH access can rapidly pivot across network segments.
  • Fifty-four percent of respondents do not limit the locations from which SSH keys can be used.  For applications that don’t move, restricting SSH use to a specific IP address can stop cybercriminals from using a compromised SSH key remotely.

 

The study was conducted by Dimensional Research and completed in July 2017. It analyzed responses from four hundred eleven IT and security professionals with in-depth knowledge of SSH from the United States, United Kingdom and Germany.

Additional Resources:

eBook: How Safe are Your SSH Keys?

Executive Brief: 2017 SSH Study

Solution Brief: Manage and Secure SSH Keys

Blog: Best Practices for SSH Key Management: What Are Your SSH Security Risks?

About Venafi

Venafi is the cybersecurity market leader in machine identity protection, securing all connections and communications between machines. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise —on premises, mobile, virtual, cloud and IoT — at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 5000 organizations, including the top five U.S. health insurers, the top five U.S. airlines, four of the top five U.S., U.K. and South African banks, and four of the top five U.S. retailers. For more information, visit http://venafi.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15769
PUBLISHED: 2018-11-16
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is...
CVE-2018-18955
PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311
PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312
PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318
PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.