5 SSH Best Practices You Can Start Implementing Today
October 28, 2015 | DevOps | joanna mastrocola
As cybersecurity month is coming to a close, it seems only fitting to provide you with some advice on maintaining your enterprise’s security all year long.
One of the hardest things to manage in large, agile enterprises are SSH keys. As your infrastructure grows, so will the amount of SSH keys and privileged accounts that you need to manage and as these numbers hit the thousands, administering and maintaining these roles will be difficult.
A study by the Ponemon Institute found that 51% of organizations aren’t even aware of how many keys and certificates are used by their organization. Not knowing where or how these keys and certificates are being used means that an enterprise is completely vulnerable to attacks. These attacks on trust are very costly since they are so difficult to detect, usually targeting acute areas. Follow our SSH best practices to ensure that security isn’t neglected for the sake of agility.
Here are 5 SSH best practices you can start implementing today:
1) Don’t confuse Authorization with Authentication.
2) Always Audit
3) Don’t Share Your Private Key…EVER.
4) Schedule SSH Key Rotation
5) Centralized Key Management
Want more tips like this? Subscribe to our blog and keep up with the latest information in IT Security.