SSH: The Two-Edged Sword in Your Security Strategy

What you don’t know can hurt you

by Thomas MacIsaac, Cybersecurity Strategist, SSH Communications Security

Cybercrime is as old as the internet, which means there has always been a need for cybersecurity. One of these bits of security is the Secure Shell (SSH) protocol, designed by Tatu Ylönen more than 20 years ago to protect communications between computers. Its main function is to circumvent man-in-the-middle attacks that can steal data in transit by establishing a kind of shell—an encrypted tunnel—to facilitate secure communication between two points. It gained widespread adoption such that today, SSH comes pre-installed in every Unix, Linux, Mainframe, Mac and most network devices.

Dangerous Complacency

The success of SSH is a two-edged sword. It effortlessly arrives on servers and devices, so most organizations put no further effort toward it. They do not have any group or individual responsible for monitoring SSH activities. In fact, most businesses make the leap that SSH equals encryption and encryption equals security. In this day and age, who doesn’t want more encryption and security?

The premise that encryption alone negates the need for vigilance and oversight of SSH use is dangerously flawed. Here is why: SSH does encrypt communication, but the real formula of SSH is best represented by a more accurate equation of SSH equals access. SSH access comes in two variants: interactive (Human to Machine) and non-interactive (Machine to Machine). Furthermore, access to critical resources and data needs to be managed, monitored and controlled. Thus, closing the SSH responsibility gap should be a Tier 1 priority for an enterprise.

Who Holds the Keys?

As with other encryption protocols, SSH works by creating key pairs consisting of a private and a public key. To understand the function of these keys, it’s best to use an analogy: A public key is similar to a lock on a door, whereas a private key is similar to a physical key you keep in your pocket. Presenting a matching private key to a public key grant an encrypted connection.

There are certain aspects of SSH that engender risk:

• Tunnel vision – SSH tunneling enables traffic to traverse routers and avoid being blocked.

• Self-provisioned keys – It is a disquieting thought that SSH keys allow any employee or consultant access to critical applications.

• SSH keys are good forever – Even a key pair created decades ago still works today.
• Security workarounds – Security solutions don’t work on SSH encrypted traffic,
effectively creating a security blind spot.

• Deep-level access – SSH can provide root (command)-level access to systems and data.

• Sharing the wealth – Because people often copy and share SSH keys, it is impossible to know who did what when.

It’s clear to see how SSH keys if used with malicious intent, grant the ability to do all sorts of nefarious things that cannot be detected within this security blind spot created through SSH.

Guidelines for SSH

However, all is not lost. Effective, consistent SSH key management and risk prevention are possible with the implementation of industry best practices. One best practice is to create usage procedures that include periodic access reviews, documenting and disseminating security policies and standards, and implementation of required IT controls.

Another is to create and implement hardening configuration and to set up a timetable to regularly review the configuration. Consider automated tools to manage the configuration and apply integrity control checks and monitoring over critical files. Make sure to define roles and responsibilities as well, so that SSH key management does not fall through the cracks again.

Because there could ultimately be tens of thousands of keys in play, automation is critical for the success of SSH key deployments. Make sure to put automation in place. Standardization is required, and access restrictions are key. Finally, the inventory of keys and usage tracking is necessary as part of the overall provisioning of users and accounts.

Encrypted communications are a great asset – until they aren’t. Cybercriminals are determined and innovative and will use whatever they can find to steal data. SSH in the wrong hands can be disastrous, granting root-level access to the network. Encrypted traffic can cause a security blind spot, so SSH must be properly and consistently managed. Use these best practices now to get started on the path to greater overall security.

About the Author

Thomas MacIsaac is a cybersecurity strategist and currently serves as VP Eastern US, Canada and Federal Markets for SSH. Thomas has spent over 22 years in the high-tech industry representing many of the foundational and cutting-edge technologies of our time. Thomas regularly consults with Fortune 500 businesses and government agencies in the area of security on topics of data at rest and in transit, identity and access management, APIs, and SIEMS, and is a sought-after speaker for audit, compliance, and security events.
First Name can be reached online at our company website https://www.ssh.com/