Many Canadian IT departments rely on the Secure Shell (SSH) protocol for automated access management, because it is embedded in a wide range of IT, networking and security products.
Its advantages include built-in support for user and host authentication and for encrypting data in transit.
But a just-released report from the U.S. National Institute of Standards and Technology (NIST) cautions organizations that use SSH to pay far closer attention to how the keys that grant that access are managed.
“Management of automated access requires proper provisioning, termination, and monitoring processes, just as interactive access by normal users does,” the report says. “However, the security of SSH-based automated access has been largely ignored to date. Many organizations don’t even know how many keys they have configured to grant access to their information systems or who has copies of those keys.
“These keys often grant far more access than is actually needed, such as allowing execution of any command or transfer of files to any directory. Also, in many organizations, system administrators configure new keys without any approvals or coordination, and may use them to circumvent auditing of privileged access and maintenance.
“Some large enterprises have hundreds of thousands or even millions of SSH user keys on their systems for automated access, which often provide many more entry points onto servers than the interactive user accounts do. Also, a sizable percentage of these keys typically grant access to administrative/root accounts or sensitive accounts, such as those storing database files or critical software.”
The report lists 15 mitigations; I’ll highlight only some of them here:
–Keep all SSH server and client implementations fully up to date.
–Configure all SSH clients and servers securely, including preventing any use of the SSH version 1 protocol.
–Rotate SSH keys regularly, similar to how other authenticators (e.g., passwords) are changed.
–Keep an inventory of all enabled SSH identity keys in the organization.
–Implement a termination process for identity keys when an employee leaves the organization or changes roles in such a way that identity key access is no longer needed.
–Have a distinct, unique host key for each host using SSH for automated access.
–Protect identity keys so that they are not stolen.
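The first step toward the inventory and the "grants far more access than is actually needed" finding quoted above is simply reading what is already in each account's authorized_keys file. The following is an added example, not code from the NIST report or from this article: it parses the OpenSSH authorized_keys format (options, key type, key blob, comment), computes the SHA256 fingerprint in the form `ssh-keygen -lf` prints so entries can be matched across hosts, and flags keys that carry no `command=` restriction (any command may run), no `from=` restriction (usable from any source host), or that sit in root's account. The sample file, the account names and the key bytes are constructed for the example; the keys are deterministic filler, not real keys.

```python
"""Inventory an authorized_keys file and flag over-privileged entries.

Added example, not from the NIST report or the article. The sample data at
the bottom is constructed; its key bytes are filler, not real keys.
"""
import base64
import hashlib

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _split_first_field(line):
    """Split off the first whitespace-delimited field, honouring double quotes
    so an option such as command="/bin/foo bar" is not cut at its space."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""


def _split_options(options):
    """Split the options field on commas that lie outside double quotes."""
    fields, current, in_quote = [], [], False
    for i, ch in enumerate(options):
        if ch == '"' and (i == 0 or options[i - 1] != "\\"):
            in_quote = not in_quote
        if ch == "," and not in_quote:
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    if current:
        fields.append("".join(current))
    return fields


def fingerprint(blob_b64):
    """SHA256 fingerprint as ssh-keygen -lf prints it: base64 of the SHA-256
    digest of the decoded key blob, with the '=' padding removed."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_key(line):
    """Parse one authorized_keys line; return None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, rest = _split_first_field(line)
    if first.startswith(KEY_TYPE_PREFIXES):
        options, key_type = [], first          # no options field present
    else:
        options = _split_options(first)         # options precede the key type
        key_type, rest = _split_first_field(rest)
    blob, comment = (rest.split(None, 1) + [""])[:2]
    if not blob:
        raise ValueError("malformed authorized_keys line: missing key blob")
    option_names = {opt.split("=", 1)[0].lower() for opt in options}
    return {
        "key_type": key_type,
        "fingerprint": fingerprint(blob),
        "comment": comment,
        "options": options,
        "forced_command": "command" in option_names,
        "source_restricted": "from" in option_names,
    }


def audit(account, authorized_keys_text):
    """One record per key, with the issues a key-management review would raise:
    any-command keys, any-source keys and keys that log straight into root."""
    findings = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        entry = parse_authorized_key(line)
        if entry is None:
            continue
        issues = []
        if not entry["forced_command"]:
            issues.append("no command= restriction: key may run any command")
        if not entry["source_restricted"]:
            issues.append("no from= restriction: key usable from any host")
        if account == "root":
            issues.append("grants access to the root account")
        findings.append({**entry, "account": account, "line": lineno, "issues": issues})
    return findings


def _ed25519_blob(pubkey):
    """Encode 32 raw public-key bytes in SSH wire format (string "ssh-ed25519",
    string key) and base64 it, which is how authorized_keys stores a key."""
    def ssh_string(data):
        return len(data).to_bytes(4, "big") + data
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(pubkey)).decode()


# Constructed sample: a root authorized_keys of the kind the report describes.
SAMPLE_ROOT_KEYS = "\n".join([
    "# backup job, added years ago; nobody remembers by whom",
    "ssh-ed25519 " + _ed25519_blob(bytes(range(32))) + " backup@oldhost",
    'from="10.0.5.12",command="/usr/local/bin/rsync-wrapper",no-pty,no-port-forwarding '
    "ssh-ed25519 " + _ed25519_blob(bytes(range(32, 64))) + " rsync-pull",
])

if __name__ == "__main__":
    for record in audit("root", SAMPLE_ROOT_KEYS):
        print(f"line {record['line']} {record['fingerprint']} "
              f"{record['comment']!r}: {'; '.join(record['issues']) or 'OK'}")
```

Run against the sample, the unrestricted `backup@oldhost` key is reported with all three issues, while the `rsync-pull` key is flagged only because it lives in root's account: its `from=` and `command=` options already confine it to one source host and one program. Collecting the fingerprints from every account on every host is what turns this into the inventory the report asks for, and the same fingerprint is what you compare against a departing employee's private keys when terminating access.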
The 33-page report is a concise yet detailed outline of the vulnerabilities in SSH-based automated access and of recommended practices for planning and implementing its management. It belongs in every CSO’s security references folder.