EB: What is SSH?
CD: In short, SSH, or Secure Shell, provides secure access to remote computers over an otherwise insecure network. This access protects administrator-to-machine tasks as well as automated machine-to-machine functions. To ensure only authorized people and machines have access, SSH uses public-key cryptography for authentication. For example, SSH keys authenticate the identity of the machines exchanging information (machine identities) to secure these automated machine communications.
EB: Why is SSH important?
CD: All organizations rely on SSH as an encrypted protocol to authenticate privileged users, establish trusted access and connect administrators and machines. SSH use spans many critical systems, including application servers, routers, firewalls, virtual machines, cloud instances, and many other devices and systems.
Collectively, the number of systems using SSH can be extensive. Included in this number are many systems that use SSH in automated applications and scripts without human input or review. For example, this includes transferring sensitive files between systems overnight. As organizations get bigger, an even higher percentage of their automated applications and scripts use SSH.
EB: If SSH isn’t used, how else can organisations remotely manage routers, firewalls and other systems?
CD: Without SSH, remote access would be conducted over unsecured networks, exposing an organization’s most critical systems and data. Without the safeguards of SSH, attackers can more easily intercept sensitive communications or impersonate a trusted system to gain access.
EB: Are there any risks involved? What are they?
CD: SSH is intended to provide secure privileged access. But when SSH itself is not secure, it can become more of a security liability than a security asset. Once SSH keys are put in place, they create ongoing, automatic connections from one system to another, without requiring a password. This creates a persistent trust relationship—one that cyber criminals and malicious insiders are eager to access and misuse in their attacks.
Most enterprises view SSH keys as simply an operational tool that can be configured and self-managed by system administrators, who often do not understand the security implications. Today’s enterprises are falling short with haphazard management and ownership, incomplete inventories, poor configuration practices, and inadequate and unenforced security policies. These poor security practices can result in unauthorized privileged access followed by misuse of other existing SSH trust relationships to pivot further into the network.
EB: How can these risks be managed?
CD: When SSH environments are properly managed and secured, they safely serve their purpose of securing remote access. But to achieve this, organizations need a centralized, automated approach that delivers sound security, policy and auditing practices.
There are four steps that help to secure an organization’s SSH usage: 1) Build a comprehensive inventory; 2) Identify SSH vulnerabilities; 3) Remediate; and 4) Monitor.
Automation must underlie all of these steps to secure the thousands, if not millions, of SSH keys used in every enterprise. This automation should apply to the entire SSH key life cycle from issuance to decommissioning, including regular rotation of SSH keys—similar to password rotation policies. With these steps in place, organizations can secure and control all SSH keys to minimize the risk of unauthorized access to critical systems.