How Many SSH Keys Have You Left Lying Around?
October 23, 2014 | Security and Risk | John Worrall
How do you prevent unauthorized groups or individuals from gaining access to your valuable information and belongings? A lock and keys – simple, right? Well, what happens when anyone can create a set of keys anytime they want, and keep or share them forever? In the enterprise, organizations are experiencing this very problem, and often don’t even know about it. SSH keys, for example, are created and used daily by IT to get direct root access to critical systems. With these keys, users have ongoing, uncontrolled privileged access to a target system. And according to IDC, there could be more than one million of them in an average large enterprise!
Earlier this week we launched a major expansion to our Privileged Account Security Solution that covers end-to-end SSH key management, including the discovery of keys. The goal of the product is to address and solve the most common questions we discuss with customers around SSH keys:
- How many SSH keys do I have? Of those, how many are orphaned?
- What machines and accounts on the network can be accessed using SSH keys?
- Which keys are carrying the most risk to my organization?
These are big questions that really only scratch the surface of SSH key vulnerabilities. Normal business operations aren’t the only way SSH keys can be created – there are also vulnerabilities like Shellshock that enable cyber attackers to create what seem to be legit keys. And like house keys, SSH keys can be stolen.
This is why we provide a free Discovery and Audit tool that addresses every privileged account, password and SSH key across the entire network. It’s critical to document the age of existing keys, map relationships between users and systems, and determine which keys pose a risk – either because they’re outside of the security policy or because they’re illegitimate keys that should never have been created.
Since we’re potentially talking about more than one million keys on average, an amount of data that would be nearly impossible to dig through, we created an SSH Key Trust Map. This visual display shows every SSH key (including the orphaned ones) and which technology trusts each key and so allows access to privileged accounts.
So if you’re trying to get a handle on your company’s exposure to unsecured SSH keys, we can help. Our solution discovers, secures and manages SSH keys as well as other privileged credentials in a single, integrated platform to identify, manage and protect against advanced external attackers and malicious insiders.
To learn more, read about CyberArk SSH Key Manager.