Page 20 - Cyber Defense eMagazine - September 2017
P. 20

What’s Your Strategy?

               Your  strategy  should  be  to  mitigate  the  damage  a  sustained  attack  can  cause  after  the  initial
               breach by protecting the credentials used to spread the attack across your network. This strategy
               protects  your  network  against  both  external  and  insider  threats.  It  makes  no  sense  to  prioritize
               security against ever-changing threats, such as the latest hacking exploit or malware, while leaving
               what the attackers are really after, credentials like SSH keys, unguarded.

               To effectively address SSH key management issues in your environment, you need to understand,
               first and foremost, who has access to your most critical infrastructure. It’s important to get control
               of which SSH key-based access may have root access in your environment and, more importantly,
               how deep the transitive trust of this access extends. The question to be answered here is, “If I
               breach one root key, how deeply can I penetrate into the environment?”

               You also need to understand which SSH key-based trusts are for interactive usage, and which are
               related  to  service  accounts.  Each  key-based  trust,  regardless  of  its  usage,  should  be  assigned
               back to an individual owner in the environment to establish accountability.
               Where SSH user key-based trusts are in use, it is critical to ensure the clear separation of duties.
               This means having a clear understanding of what key-based connections may be running across
               development  to  production  environments,  and  re-establishing  clear  IP  source  and  command
               restriction accountability of all key-based access within the production environment.

               Playing it Safe

               Leveraging unmanaged SSH keys allows the attacker to establish and expand a foothold in the
               target networks, and an attack like this may quickly spread through your entire environment. To
               avoid  becoming  the  next  victim,  design  a  robust  SSH  key  management  strategy  using  the
               principles outlined above.


               About the Author:

               John Walsh serves as director of product marketing at SSH
               Communications  Security,  where  he  is  focused  on  raising
               industry  awareness  of  risk  and  compliance  issues  of
               unmanaged  credentials.  John  has  more  than  15  years  of
               experience  in  the  IT  security  industry,  having  held  product
               management,  product  marketing  and  software  engineering
               positions at IBM and SSH Communications Security. Prior to
               joining the company, he worked at IBM, where he obtained a
               patent,  contributed  to  solutions  guides  and  designed  a
               number of key software features for security products such
               as SSH, LDAP, Firewall and Java Cryptography. John holds
               a  BS  in  Computer  Science  from  Binghamton  University  as
               well  as  an  MS  in  Management  Information  Systems  from
               Marist  College. For  more  information  please  visit  the  SSH
               company website at www.ssh.com




                    20   Cyber Defense eMagazine – September 2017 Edition
                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.
   15   16   17   18   19   20   21   22   23   24   25