The SSH protocol that is embedded on Unix, Linux, Mainframe, and Windows 16 Servers – in additional to Switches, Routers, IOT devices, etc. can be compromised by bad actors with access to keys. This is also true for anyone deploying applications in the cloud.
The SSH protocol creates an encrypted tunnel providing users with root level access. In the wrong hands, misuse of the SSH protocol have led to disastrous consequences. Here is why:
Encrypted SSH traffic cannot be monitored by existing tools. DLP, SIEM’s, Firewall’s etc. do not work
SSH Key’s don’t expire – a key created 20 years ago still works today.
SSH Keys are often copied and shared, creating a challenges to tie back who did what and when
SSH Tunneling (just what the name implies) facilitates a security loophole
Bad actors operating within this security blind spot can bypass security controls, install software, transfer data, and delete their activity.
Recommended Course of Action
Review and apply the NIST 79666 white paper recommended guidelines to prevent security breaches.
- What CISO’s Need to Know about the Newest NIST Guidelines for Secure Shell
- Federal Information Security Modernization Act (FISMA) of 2014
- National Institute of Standards and Technology - NIST
- NIST Internal/Interagency Reports (NISTIR)
- NISTIR 7966
- NIST Special Publication (NISTSP) 800-53 Revision 4
- Cybersecurity Framework
Stay on top of vulnerabilities with (ISC)2’s members-only resource for researching and tracking vulnerabilities and mitigating risks – Vulnerability Central.
By Thomas MacIsaac, Vice President, Eastern US and Canada, SSH Communications Security