Today, organizations of all types and sizes use the secure shell protocol—or, as it’s more commonly known, SSH—to secure data in transit. Yet many people may not know the origination of the secure shell protocol. As a university student in Helsinki, back in 1995, I invented this security protocol to protect data in transit as it goes through the network environment.
The protocol creates a cryptographic key pair, one for the server and one for the user, which secures the data as it passes between two points. Although the protocol itself ensures protection of data, most organizations are incredibly lax in the management, termination and removal processes that should accompany the proper management of secure shell keys. By overlooking the management of key pairs, an excess of pairs are created, potentially leading to serious security threats for organizations. Untraceable access paths to sensitive data, resulting from the creation of thousands of key pairs, become a problem if administrators have no way of knowing how to find or remove them.
IT administrators responsible for protecting large amounts of data should carefully examine their current secure shell management processes to highlight areas of improvement. This article outlines clear steps that can be taken to improve network security by remedying mismanagement of secure shell keys.
Whose Fault Is It?
Ignoring the management of secure shell keys will only lead to compounded problems. Organizations that aren’t monitoring keys are not only leaving themselves vulnerable to attacks, but they are also at risk of being noncompliant and having to deal with the multitude of headaches that accompany such a revelation. It’s time for companies to take a step back and take careful inventory of the situation.
It’s worthwhile to take a look at how this problem has become so widespread in the first place. Typically, the management of secure shell environments is quite technical in nature, so the responsibility falls under the jurisdiction of IT departments with specialized skills. With company managers often too busy to think about such problems and with system administrators who are usually focused on only a small sector of the IT department, key management has fallen through the cracks. If no one is paying close attention and looking at the big picture, who bears responsibility for managing these precious keys?
The answer is that CISOs, CIOs and IT risk-management professionals should work together to take responsibility and initiate a plan of action that ensures the proper management of these keys.
The Shocking Truth
Our work with major enterprises has shown that most organizations currently have anywhere between 8 and over 100 secure shell keys that permit access to Unix/Linux servers, many of which grant high-level access. Given such revelations, it’s important for organizations to realize the significant vulnerability this situations presents. Attackers attempting to break into a network can use these mismanaged key pairs to create and install backdoors, thereby bypassing all security controls that may have been put in place. Anyone who has ever had access to the network, from an employee to a contractor, can use these key pairs to maliciously invade the network.
With such serious risks stemming from any person who’s had access to the network, it is incredibly important that administrators take steps to ensure the secure shell keys can’t be used destructively.
A Virus Attack on Secure Shell Keys
As attacks become more sophisticated and network breaches more common, managing secure shell keys will help prevent viruses from infecting the network environment. Malicious attackers will target secure shell keys because they are capable of spreading viruses quickly. Once viruses are firmly stationed in the network, they can use unmanaged keys to spread server wide, infecting all areas of the network environment.
The large quantity of keys that are distributed greatly increases the chances of a virus spreading within minutes, also including infection of backup and recovery systems that are managed by secure shell keys. In looking at the worst-case scenario, a virus using multiple attack vectors has the potential to spread across the Internet and, if combined with certain destructive technologies, wipe out vast amounts of data.
Compliance Regulations for Access Management
Companies should also be aware that mismanaging secure shell keys could also put them at risk of being noncompliant. Regulations such as SOX, FISMA, PCI and HIPAA require control over network access, as well as the ability of administrators to terminate this access accordingly.
There are clear arguments in favor of proper processes to manage secure shell keys, so why does it continue to be ignored? Several factors have led to the persistence of the problem, but it’s important to understand that they don’t stem from any weaknesses or flaws in the secure shell protocol itself. These issues typically originate from the following:
- A misunderstanding of the impact and scope of the problem
- Lack of resources to educate administrators
- Unavailability of company guidelines or policies for managing secure shell keys
- Ineffective solutions that prevent auditors from flagging known issues
Organizations that continue to ignore the issues are deliberately leaving themselves vulnerable to attack. Proper control, auditing and termination of secure shell key access pairs, is a necessary step in ensuring security of data and should be taken seriously.
Steps to Take
Organizations first need to realize they have a problem and then move forward in fixing it. Once the problems have been identified, the following steps will help correct the problem:
- Discovering all trust-relationships currently in existing and who has access
- Automating key setups and removals, thereby eliminating manual work and potential human error
- Monitoring the network to see which keys are in use and remove the ones that are not
- Rotating key pairs regularly so compromised key pairs can be removed
- Controlling each key’s access points and what commands they execute
- Enforcing proper management for all key setups and operations
Secure shell is an excellent resource for managing the security of data-in-transit, but without the proper management of the environment it doesn’t work to its full potential. Organizations need to take careful steps to manage keys, or else risk losing sensitive information or facing non-compliant fines. The commitment from several teams within an organization is necessary for a full recovery and future assurance of secure shell environments. The process could take some time, but the steps outlined here are a great starting point.
About the Author
Tatu Ylönen is the CEO and founder of SSH Communications Security. While working as a researcher at Helsinki University of Technology, Tatu began working on a solution to combat a password-sniffing attack that targeted the university’s networks. What resulted was the development of the secure shell (SSH) protocol, a security technology that would quickly replace vulnerable rlogin, Telnet and RSH protocols as the gold standard for data-in-transit security.
Tatu has been a key driver in the emergence of security technology, including SSH & SFTP protocols, and coauthor of globally recognized IETF standards. He has been with SSH since its inception in 1995, holding various roles including CEO and CTO, and has served a board member.
Tatu holds a Master of Science degree from the Helsinki University of Technology.
Image courtesy of purpleslog