the Ponemon Institute, the average U.S. organization risks losing up to $87 million per stolen
SSH key.


Lack of control

Unfortunately, most organizations and government entities lack the visibility into their SSH key
inventories that would be required to respond to these types of attacks. Less than 50% of
organizations have a clear understanding of their encryption key and certificate inventory, let
alone efficient controls to provision, rotate, track, or remove SSH keys. System administrators
usually deploy keys manually, with different groups managing their own independent silos, leading
to a fractured, distributed system. Without centralized monitoring and automated tools, system
administrators cannot secure or maintain control of keys.


A report issued by Dell SecureWorks’ Counter Threat Unit revealed that one in every five
Amazon Machine Images (AMIs) contains unknown SSH keys, each of which is a door into the
system for whoever holds the matching private key. As shocking as this fact seems, it is actually
not surprising when you consider the ad-hoc management practices common in many
organizations. In performing their jobs, application administrators copy their public keys into the
authorized_keys files of multiple workloads but often fail to document where. As employees move
on to new jobs, the keys linger, and the organization loses all ability to manage and assess its
systems’ exposure to unauthorized access.


Injected elevated trust


An SSH server uses public-key cryptography to authenticate the connecting client: the client proves
that it holds the private key matching a public key listed in the target account’s authorized keys
file. The server treats that file as the list of identities allowed in, so if the server accepts
whatever lands in the file without any control over who may write to it, it can easily give an
attacker elevated access. Unfortunately this issue occurs often. Attackers take advantage of poorly
configured systems and inject their own public keys as authorized keys, bypassing the account’s
normal authentication controls and gaining its privileges.
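The two gaps above, the missing inventory in "Lack of control" and the injected key in "Injected elevated trust", are closed by the same control: a collector that parses every authorized_keys file on a host, fingerprints each key the way `ssh-keygen -lf` does, and compares the result with an approved register. The following is an added example written for this page, not code from the article or from any product it mentions; the file paths, key blobs (valid wire format, placeholder bytes rather than real key material), approved register and departed-user list are all constructed for the example.

```python
"""Inventory the authorized_keys files on a host and flag keys the approved
register does not account for. Added example; all sample data is constructed."""
import base64
import hashlib
import re
import struct
from typing import Dict, Iterator, List, NamedTuple, Optional, Set, Tuple

# One key per line: [options] key-type base64-blob [comment]
KEY_LINE = re.compile(
    r"(?:^|\s)(?P<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))"
    r"\s+(?P<blob>[A-Za-z0-9+/]+={0,2})(?:\s+(?P<comment>.*))?$"
)


class Finding(NamedTuple):
    path: str
    fingerprint: str
    comment: str
    reasons: List[str]


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint, the value `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(blob_b64: str) -> str:
    """Key type embedded in the wire-format blob (its first length-prefixed string)."""
    raw = base64.b64decode(blob_b64)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii", "replace")


def parse_authorized_keys(text: str) -> Iterator[Tuple[str, Optional[str], str, str]]:
    """Yield (options, key_type, blob, comment) per key line. key_type is None for a
    line that is not a key at all, so the caller reports it instead of dropping it."""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = KEY_LINE.search(stripped)
        if m is None:
            yield (stripped, None, "", "")
            continue
        yield (stripped[:m.start()].strip(), m.group("type"), m.group("blob"), m.group("comment") or "")


def audit(files: Dict[str, str], approved: Dict[str, str], departed: Set[str]) -> List[Finding]:
    """Compare every key on the host with the register.
    files: path -> contents; approved: fingerprint -> owner; departed: owners who left."""
    findings: List[Finding] = []
    for path, text in files.items():
        for options, ktype, blob, comment in parse_authorized_keys(text):
            if ktype is None:
                findings.append(Finding(path, "", options, ["unparseable line"]))
                continue
            try:
                fp, embedded = fingerprint(blob), blob_key_type(blob)
            except Exception:
                findings.append(Finding(path, "", comment, ["undecodable key blob"]))
                continue
            reasons: List[str] = []
            if embedded != ktype:           # line edited by hand or tampered with
                reasons.append(f"declared {ktype} but blob is {embedded}")
            owner = approved.get(fp)
            if owner is None:               # the injected-key case
                reasons.append("not in approved inventory")
            elif owner in departed:         # the lingering-key case
                reasons.append(f"owner {owner} has left")
            if path.startswith("/root") and "from=" not in options:
                reasons.append("root key without from= restriction")
            if reasons:
                findings.append(Finding(path, fp, comment, reasons))
    return findings


# --- constructed sample data (placeholder bytes, not real keys) ----------------
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def make_blob(key_type: str, *fields: bytes) -> str:
    raw = _ssh_string(key_type.encode()) + b"".join(_ssh_string(f) for f in fields)
    return base64.b64encode(raw).decode()


ALICE = make_blob("ssh-ed25519", b"A" * 32)
BOB = make_blob("ssh-ed25519", b"B" * 32)
CAROL = make_blob("ssh-rsa", b"\x01\x00\x01", b"C" * 64)
MALLORY = make_blob("ssh-ed25519", b"M" * 32)

SAMPLE_FILES = {
    "/home/alice/.ssh/authorized_keys": f"ssh-ed25519 {ALICE} alice@laptop\n",
    "/home/deploy/.ssh/authorized_keys": (
        f'command="/usr/local/bin/deploy",no-pty ssh-ed25519 {BOB} bob-ci\n'
        f"ssh-ed25519 {MALLORY} backup\n"      # injected: nobody registered this key
    ),
    "/root/.ssh/authorized_keys": f"ssh-rsa {CAROL} carol@old-laptop\n",  # carol has left
}
APPROVED = {fingerprint(ALICE): "alice", fingerprint(BOB): "bob", fingerprint(CAROL): "carol"}
DEPARTED = {"carol"}

if __name__ == "__main__":
    for f in audit(SAMPLE_FILES, APPROVED, DEPARTED):
        print(f"{f.path}: {f.fingerprint} ({f.comment}): {'; '.join(f.reasons)}")
```

On a real host the collector would walk the home directories from /etc/passwd (and whatever `AuthorizedKeysFile` in sshd_config points at) instead of the constructed dictionary, and the register would be fed from the fingerprints recorded at provisioning time. Moving the files themselves out of users' control, for instance with a root-owned `AuthorizedKeysFile /etc/ssh/authorized_keys/%u`, removes the write path that the injection attacks described above depend on.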


The mass assignment vulnerability, which is still largely unpatched in the web applications that
manage such keys, offers one example of an injected elevated trust exploit. In secure networks,
users require root or admin privileges to append their own SSH keys to the authorized keys file.
Using the mass-assignment vulnerability, however, attackers submit extra request parameters that
the application binds to fields the form never offered, such as the owner of an account or key
record, and so obtain accounts or key entries with permissions they should not have. They then add
their own SSH keys to gain the elevated privileges required to compromise the system.
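The pattern behind that exploit, shown on an SSH-key upload handler, with the vulnerable binding beside its hardened form. This is an added example, not code from the article or from any real application: the store, the field names and the user ids are constructed, and the attacker’s request is the form the page describes, carrying one extra parameter the form never offered.

```python
"""Mass assignment on an SSH-key upload: the vulnerable handler binds every
submitted field to the record, the hardened one binds an allowlist and takes
ownership from the session. Added example; all names and ids are constructed."""
from dataclasses import dataclass
from typing import Dict, List

ADMIN_USER_ID = 1


@dataclass
class SshKey:
    title: str = ""
    key: str = ""
    user_id: int = 0   # the account this key unlocks: must come from the session, never the form


class KeyStore:
    ALLOWED_FIELDS = {"title", "key"}

    def __init__(self) -> None:
        self.keys: List[SshKey] = []

    def add_key_vulnerable(self, session_user_id: int, form: Dict[str, str]) -> SshKey:
        """Mass assignment: any field that exists on the model is taken from the request,
        so a body that also carries user_id=1 attaches the attacker's key to account 1."""
        record = SshKey(user_id=session_user_id)
        for name, value in form.items():
            if hasattr(record, name):
                setattr(record, name, type(getattr(record, name))(value))
        self.keys.append(record)
        return record

    def add_key_hardened(self, session_user_id: int, form: Dict[str, str]) -> SshKey:
        """Allowlist binding: unexpected fields are rejected (worth logging as an injection
        attempt) and the owner is fixed from the authenticated session."""
        unexpected = set(form) - self.ALLOWED_FIELDS
        if unexpected:
            raise ValueError(f"unexpected fields: {sorted(unexpected)}")
        key = form.get("key", "")
        if not key.startswith(("ssh-ed25519 ", "ssh-rsa ", "ecdsa-sha2-nistp")):
            raise ValueError("not a public key")
        record = SshKey(title=form.get("title", ""), key=key, user_id=session_user_id)
        self.keys.append(record)
        return record

    def authorized_keys_for(self, user_id: int) -> List[str]:
        """What sshd would be handed as that account's authorized keys."""
        return [k.key for k in self.keys if k.user_id == user_id]


# Constructed attacker request: the form offered title and key only; user_id is injected.
ATTACKER_ID = 42
ATTACK_FORM = {
    "title": "laptop",
    "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 mallory",   # placeholder, not a real key
    "user_id": str(ADMIN_USER_ID),
}


def demo() -> dict:
    """Run the same request through both handlers and report who ends up owning the key."""
    vulnerable = KeyStore()
    vulnerable.add_key_vulnerable(ATTACKER_ID, ATTACK_FORM)
    hardened = KeyStore()
    try:
        hardened.add_key_hardened(ATTACKER_ID, ATTACK_FORM)
        rejected = False
    except ValueError:
        rejected = True
    legit = hardened.add_key_hardened(
        ATTACKER_ID, {k: v for k, v in ATTACK_FORM.items() if k != "user_id"}
    )
    return {
        "vulnerable_admin_keys": vulnerable.authorized_keys_for(ADMIN_USER_ID),
        "hardened_rejected_injection": rejected,
        "hardened_admin_keys": hardened.authorized_keys_for(ADMIN_USER_ID),
        "hardened_owner": legit.user_id,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable handler is what a generic "bind the request to the model" helper does; the fix is not a patch to one field but a rule that protected attributes (ownership, role, privilege flags) are never assignable from request data, with the list of assignable fields written down per endpoint.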

10 Cyber Warnings E-Magazine – October 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide