Organizations are not managing Secure Shell (SSH) in their IT environments, exposing critical systems and data to cyberattacks, according to new research from Venafi. Justin Jett, Director of Audit and Compliance at Plixer commented below.
Justin Jett, Director of Audit and Compliance at Plixer:
“The risk of poorly managed SSH keys is that anyone with one of these keys has access as long as they have a way to connect to the end system. This could be either a server with a public facing IP or an employee that has the key on the local network. Network traffic analytics plays a big part in this by showing you where there are SSH connections on your network. If you see remote SSH connections to internal servers, you likely have a security vulnerability that needs to be addressed. SSH keys should be managed in the same way that Public Key Infrastructure (PKI) is managed. If an organization doesn’t allow most users to sign TLS certificates, they shouldn’t allow users to use their own authorized keys. Unfortunately, with a large number of systems to manage, it is difficult to understand which keys currently exist and for which systems they are being used. A refresh of the SSH key infrastructure would be needed to properly monitor and manage the keys that are being used on critical company systems.”