Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

SSH Communications Security Launches New Secure Shell Management Service

Finland-based SSH Communications Security announced today the launch of a new governance, risk and compliance (GRC) service designed to help organizations with Secure Shell (SSH) key management in data center environments.

Finland-based SSH Communications Security announced today the launch of a new governance, risk and compliance (GRC) service designed to help organizations with Secure Shell (SSH) key management in data center environments.

SSH is a cryptographic network protocol used for secure data communication and other network services. Organizations that don’t manage their SSH keys properly expose themselves to internal and external attacks, and they risk getting fines in case an audit finds that they are not compliant with mandatory security regulations and laws.

The new Secure Shell HealthCheck service launched by SSH Communications Security at the IT-SA Conference in Nuremberg, Germany, can be used to identify violations and other issues related to SSH management, configuration and access control.

“Too few companies are fully aware of the risks associated with lax Secure Shell key management. Secure Shell HealthCheck provides organizations with a complete view into their Secure Shell environments and a detailed assessment of security and compliance risks impacting their data centers,” said Christian Kress, general manager, DACH, SSH Communications Security. “When production servers are accessible with unknown keys and where access to those servers violates policy – a common scenario we encounter – the risks to the business are evident.”

Secure Shell HealthCheck provides a full analysis of the SSH environment, including SSH key locations, trust maps, and information on nearly a dozen other significant risk areas. The service also provides organizations with information on the actions they must take in order to remediate issues, reports for each category of stakeholders (CISOs, managers and engineers), and compliance analysis for regulatory frameworks such as PCI-DSS, Basel III, and NIST guidelines.

“At many enterprises there is a lack of awareness of the role Secure Shell plays in critical day-to-day operations. Secure Shell key-based authentications can easily outnumber many other logins within the data center,” commented Kalle Jääskeläinen, vice president of product management and services at SSH Communications Security. “While companies have implemented access controls and management procedures for employee login and external facing web applications, even basic security controls like key size, strength and type, rotation and de-provisioning are not part of the IT regimen for data center access controls. Our Secure Shell HealthCheck service provides the actionable information needed to improve security and access controls.”

Tatu Ylonen, the inventor of the SSH protocol and the CEO of SSH Communications Security, is one of the authors of a recently published NIST guide for addressing the security risks posed by the use of SSH for automated access.

 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...