October 30, 2014 | Security and Risk | John Worrall
By John Worrall
IT staff come and go – normal attrition, ending of a contract, switching providers – however, the millions of SSH keys they created while on the job live forever…unless you have a way to discover what keys still exist and manage them properly. SSH keys are an essential tool that IT rely on to do their job so they need to be secured like any other privileged credential.
One of the critical features of our Privileged Account Security Solution v9 release is proactive SSH key rotation, which focuses on eliminating the risk of permanent backdoors that lead directly to critical systems. Just like other privileged credentials, SSH keys are often created and then forgotten about.
Case in point – a colleague was recanting a story of a past job change where he left his former employer with thousands of SSH keys and was never asked to turn them over or kill them outright! They did eventually ask for a full list of keys….however, shutting them down was going to be a manual process.
While this is an extreme example of how SSH keys can be mishandled across organizations, it illustrates the potential security risk posed here. Just think about how often IT staff leave to go work for a competitor. A more common scenario is that IT staff typically store private SSH keys on their desktops or laptops. If one of their vulnerable endpoints were to become compromised, a targeted attacker could locate the private key, steal it and use it to advance an attack against the organization. As a result, SSH key rotation is a necessary part of every security strategy.
The prospect of frequently rotating a million keys can be daunting. Fortunately, once the SSH keys are consolidated under one central management system, this can be managed automatically, pushing out all new SSH keys with just one click of a button.
SSH keys are no different from other privileged credentials in that you need to proactively manage them. Find out more about how we can help you secure and manage your SSH keys.