SSH Keys – Improved Security Controls or Improved Protocol?

As the use of Secure Shell (SSH) keys and related encryption services evolves and expands, security experts question what drives that evolution and are looking for ways to maximize the security effectiveness of the ubiquitous technology.

Recently, the Ponemon Institute found that most enterprises believe the largest security threat to their cryptographic assets is SSH key pairs, which are heavily entrenched in both data centers and cloud computing platforms. Simply put, enterprises fear attackers can easily compromise corporate access and data, thanks to weaknesses in traditional SSH key escrow and management processes.

New research suggests the fear is justified. The most recent APT1 report from Mandiant claims that 100 percent of attacks are related to compromised credentials, including SSL and SSH, and the Dell SecureWorks’ Counter Threat Unit found that one in every five Amazon Machine Images (AMIs) stored in Amazon Web Services (AWS) has unknown SSH keys. Can modern enterprises trust a key-based encryption platform, especially if it relies on SSH and cloud-based services to protect data? A plethora of compromise possibilities exist thanks to that combination, with new attacks, hacks, and interceptions occurring daily by the hundreds. Yet, as always, security comes down to trust.

The question of trust may not be easy to answer, but some practices and technologies can ease the burden of uncertainty and reestablish credibility for SSH and key-based security infrastructures. Before delving into specific tips and tricks, though, one must truly understand the magnitude of the problem.

Cryptographic keys and digital certificates establish the trust for every business and government activity we rely on, from online payments to airline operations to cloud services. Not surprisingly, then, organizations have on average more than 17,000 keys and certificates, including SSH keys. The average network has thousands of systems that use SSH for elevated and privileged access. Yet the Ponemon Institute found that only 51 percent of organizations surveyed knew how many keys and certificates were in use in their enterprise.

Cybercriminals are counting on this fact: they are leveraging organizations’ lack of visibility and their inability to respond to attacks on keys and certificates as the easiest route in. As a result, cybercriminals are successfully stealing intellectual property by exploiting this new attack vector – keys and certificates. Advanced persistent threats (APTs), targeted attacks, and compromised Certificate Authorities (CAs) are just some of the ways criminals are using weaknesses in key and certificate management to poison the trust organizations depend on for protection and security. Given the frequency of such attacks, organizations have very little time to address this major breach of trust.

Two major issues are generating vigorous discussion among those that SSH-based security impacts—which turns out to be a significant number of organizations. The majority of the Global 2000 use SSH keys for their digital communications.

The first issue is that organizations categorically do not have enterprise-wide visibility or controls in place that continuously monitor and manage SSH keys within their networks.

Without clear visibility or understanding of how SSH keys are used on the network there is little ability to respond to an attack that takes advantage of trusted SSH keys. The compromise of SSH keys within an environment allows an attacker to move seamlessly, undetected, and with elevated privileges from system to system. This enables them to steal valuable intellectual property.

The second issue affecting the SSH community is the need for improved protocols that enhance security and forensics. These protocols will also prove an important and ongoing defense against more sophisticated attacks, which are powered by ever-increasing computing potential.

There is a danger that organizations will not address these issues equally—that they will put more resources into protocol development while eschewing management improvements, or vice versa. Either way, strengthening only one element leaves significant gaps in overall SSH security.

SSH protocol author Tatu Ylonen, who has been calling for a new version of SSH for quite some time, recognizes that improving key management is as important as improving the protocol itself:

“Hundreds of thousands, even over a million SSH keys authorizing access have been found from the IT environments of many large organizations. This is many times more than they have interactive users. These access-granting credentials have largely been ignored in identity and access management, and present a real risk to information security.”

Substandard protection of keys and certificates is potentially the easiest attack vector to eliminate. Enterprises, cloud providers, auditors, and many more will have to pursue wholesale upgrades that include new servers and clients. And whether the technology is new or old, ultimately the established trust at the heart of every enterprise’s private and public cloud strategy must still be properly controlled and managed. Until that is accomplished, cybercriminals will continue to target poorly secured cryptographic keys—including, but not limited to SSH keys—and digital certificates.

Register for Upcoming Webcast on July 17: Addressing the Open Doors in Your APT Strategy

Related Reading: Is Your Enterprise Managing Certificates? Three Reasons It Should Be.

Related Reading: Cost of Failed Trust Report