The National Institute of Standards and Technology (NIST) has issued a set of recommended guidelines for the use of Secure Shell (SSH) in automated access management. These guidelines encourage organizations to proactively protect SSH keys and control SSH sessions to better secure the sensitive data accessed using SSH. Recommended control areas include: Account management Access enforcement Least privilege Auditing and monitoring Risk assessment Identification and authentication This solution brief outlines the NIST guidelines for SSH and explains how CyberArk solutions can help organizations comply with these guidelines.
SSH Key Manager
Unix environments present unique challenges to IT security teams because of their inherently privileged nature. Any security steps taken within these environments must offer proactive protection and detection, but they must do so without interfering with the day-to-day responsibilities of authorized administrators.
Privileged account security solutions offer a balanced approach to help organization better secure, manage and control Unix environments while keeping users productive. This document outlines common challenges within Unix environments, offers recommendations on how to address those challenges, and describes how CyberArk Privileged Account Security solutions can work together to help organizations better secure and manage privileged access within these environments.
This IDC Market Spotlight: Minimizing Cybersecurity Risk with Vigilant SSH Key Management highlights the challenges and risks associated with a lax approach to SSH key management and offers guidance on how organizations can mitigate this risk and improve their security postures.
In this report, IDC acknowledges that “the privileged and often full root access provided by an SSH key demands organizational oversight, control and accountability.” By using SSH key management technology to take control of privileged SSH keys, organizations can effectively:
- Locate and identify SSH keys in the environment
- Detect unexpected SSH key-based connections
- Secure SSH keys to prevent unauthorized access
- Automate SSH key rotation to improve security
- Audit the use of SSH keys to improve compliance
SSH keys provide users and applications with privileged access to critical systems, but all too often these privileged credentials are left unsecured and unmanaged, leaving a gaping hole in any privileged account security strategy. To effectively protect the heart of the enterprise, organizations should proactively protect all their privileged credentials, including both passwords and SSH keys.
This white paper examines:
- Why SSH keys are often left unsecured and unmanaged
- Risks associated with unsecured and unmanaged SSH keys
- Steps organizations can take to protect these privileged credentials, reduce risks and meet audit requirements