SSH Keys: The Overlooked Cyber Security Attack Vector
April 28, 2016 | Security and Risk | Amy Burnis
In a recent CyberArk blog, we explored the critical role SSH keys play in establishing trust between systems, encrypting communication between such systems, and facilitating strong authentication and secure transactions. Despite the critical role SSH keys play, many organizations inadvertently ignore SSH key vulnerabilities and underestimate the prevalent use of SSH within an enterprise.
One particular area where SSH key security may be overlooked is within an organization’s Unix/Linux environment. Often accessed by privileged users outside of the security realm, these systems house some of an enterprise’s most sensitive assets – from databases and FTP servers to web and cloud applications. While many organizations take steps to protect the root user accounts on these systems, individual accounts and credentials – including SSH keys – used to gain root privileges are often overlooked by security teams. This can leave an organization vulnerable to both malicious and accidental damage to critical systems.
This infographic illustrates the powerful, privileged access SSH keys establish. You’ll also find actionable tips for mitigating risks of cyber attacks in Unix/Linux operating environments. To learn more about locking down SSH keys, please visit www.CyberArk.com/SSH for a library of free resources including a White Paper from IDC: Market Spotlight: Minimizing Cybersecurity Risk with Vigilant SSH Key Management.