infoTECH Feature

March 21, 2018

The Intrinsic Risks of SSH and How to Overcome Them

By Special Guest
Thomas MacIsaac, VP, Eastern US, Canada and Federal Markets, SSH Communications Security

Not so long ago, a young researcher experienced a hacking incident at his university. Thousands of user names and passwords had been stolen, and this young man began thinking about what he could do to make the network more secure. He learned more about networking and cryptography and, within three months, had created a crypto-based access protocol that is now, just over 20 years later, used in hundreds of millions of computers. 

That young man was Finland’s Tatu Ylönen, and the protocol is Secure Shell, which we know more commonly as SSH. The protocol’s primary function is to provide trusted access and encrypt communication in transit to prevent man-in-the-middle attacks. Once a connection is established, SSH effectively creates an encrypted tunnel to facilitate secure communication between two points.

  

It’s All About Access

This seems like a simple success story of a man who identified a problem and fixed it. But there’s more to the story. Since SSH comes pre-installed on servers and devices, most organizations do not have any group or individual responsible for monitoring SSH activities. In fact, most businesses make the leap that SSH equals encryption, and encryption equals security. In this day and age, who doesn’t want more encryption and security? The premise that encryption alone negates the need for vigilance and oversight of SSH use is dangerously flawed.

That is not an overstatement. Although SSH does encrypt communication, the more important point about the protocol is that SSH equals access. SSH access comes in two variants: interactive (Human to Machine) and non-interactive (Machine to Machine). Furthermore, access to critical resources and data needs to be managed, monitored and controlled. Thus, closing the SSH responsibility gap should be a Tier 1 priority for an enterprise.

Dangerous Keys

To keep communications secure, SSH establishes key pairs comprised of a private and a public key. To understand the function of these keys, it’s best to use an analogy: A public key is similar to a lock on a door, whereas a private key is similar to a physical key you keep in your pocket. Presenting a matching private key to a public key grants an encrypted connection.  

So far, so good. But there are intrinsic risks to SSH because of these features:

  • Working around security controls – Security tools don’t work on SSH encrypted traffic, effectively creating a security blind spot.
  • No expiration date – A pair of SSH keys created 20 years ago still works today.
  • Self-provisioned keys – These keys make it possible for any employee or consultant to gain access to critical applications.
  • Sharing is not caring – People often copy and share SSH keys, preventing you from knowing who did what when.
  • Access at the deepest level – SSH keys can provide root (command)-level access to systems and data.
  • Tunnel vision – SSH enables traffic to “tunnel”, or to traverse routers and avoid being blocked.

It is obvious, then, that in the hands of bad actors, SSH keys can spell disaster for any business, granting them the ability to do all sorts of nefarious things beyond detection within this security blind spot created through SSH.

Secure Steps for Secure Shell

To prevent this, organizations can follow best practices for effective, consistent SSH key management and risk prevention. First, create usage procedures that include periodic access reviews, documenting and disseminating security policies and standards, and implementation of required IT controls.

The second step is to develop and deploy hardening configuration and review the configuration periodically. Consider automated tools to manage the configuration and apply integrity control checks and monitoring over critical files. Make sure to define roles and responsibilities as well, so that SSH key management does not fall through the cracks again.

The third step is to put automation in place because it is critical for the success of SSH key deployments. Standardization is required, and access restrictions are key. Finally, inventory of keys and usage tracking is necessary as part of the overall provisioning of users and accounts.

It’s ironic that a protocol created to protect communications has, over time, developed inherent risks due to widespread adoption and poor to non-existent management practices. SSH keys are capable of granting pervasive, root-level access to the network that, in the wrong hands, could be the death blow to a company. Use the best practices recommended above to secure SSH and keep it secure.

About the author:

Thomas MacIsaac is a cybersecurity strategist and currently serves as VP Eastern US, Canada and Federal Markets for SSH. Thomas has spent over 22 years in the high-tech industry representing many of the foundational and cutting-edge technologies of our time. Thomas regularly consults with Fortune 500 businesses and government agencies in the area of security on topics of data at rest and in transit, identity and access management, APIs, and SIEMS, and is a sought-after speaker for audit, compliance, and security events.


Edited by Erik Linask
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers