SSH is a powerful access protocol developed some 20 years ago by Tatu Ylönen of Finland. Its primary function is to provide trusted access: it authenticates the server to the client and encrypts communication in transit, which prevents eavesdropping and (provided the client verifies the server's host key) man-in-the-middle attacks. Once a connection is established, SSH effectively creates an encrypted tunnel for secure communication between two points. Since its development the protocol has grown so much in popularity that SSH now ships pre-installed on virtually every Unix, Linux, mainframe and Mac system, and on most network devices.
The Responsibility Gap
Because SSH comes pre-installed on servers and devices, most organizations have no group or individual responsible for monitoring SSH activity. In fact, most businesses make the leap that SSH = Encryption and Encryption = Security. In this day and age, who doesn't want more encryption and security? The premise that encryption alone negates the need for vigilance and oversight of SSH use is dangerously flawed. Here is why: SSH does encrypt communication, but the more accurate equation is SSH = Access. That access comes in two variants: 1. interactive (human to machine) and 2. non-interactive (machine to machine, typically automated jobs authenticating with keys). Access to critical resources and data needs to be managed, monitored and controlled, so closing the SSH responsibility gap should be a Tier 1 priority for an enterprise.
Knowing the Risks
SSH uses key pairs consisting of a private key and a public key. An analogy helps: a public key is like the lock on a door, and a private key is like the physical key you keep in your pocket. Copying a public key into an account's authorized_keys file installs the lock; anyone who can prove possession of the matching private key is authenticated as that account. Note that the key pair authenticates; the encryption of the session itself uses a separate, temporary session key negotiated at connection time. A leaked private key is therefore an access problem, not an encryption problem.
- Keys are self-provisioned – Any user can generate a key pair and add the public key to their own authorized_keys file without asking anyone. How comfortable would you be allowing any employee or consultant to grant themselves access to critical applications?
- SSH keys don't expire – A key pair created 20 years ago still works today unless someone removes it.
- SSH encryption bypasses security controls – The inspection tools you spent millions of dollars on cannot see inside SSH-encrypted traffic, effectively creating a security blind spot.
- SSH tunneling – Port forwarding (just what the name implies) carries arbitrary traffic inside the encrypted session, letting it traverse routers and firewalls that would otherwise block it.
- SSH keys are passed around – Private keys are often copied and shared, so a login by a key tells you which key was used but not which person used it.
- Root-level access – SSH can provide root (command-line) access to systems and data.
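The key-pair mechanics above and the risks in this list are easiest to see by auditing the authorized_keys files that actually grant access. The script below is an added example and is not code from the original article or from SSH Communications Security. It parses authorized_keys lines in OpenSSH's format, computes the SHA256 fingerprint the same way `ssh-keygen -lf` does (SHA256 over the decoded key blob, base64 without padding), and flags three of the conditions discussed: keys with no `from=`, `command=` or `restrict` option (unrestricted interactive access), keys authorized for root, and the same key authorized on more than one account (a key that has been passed around). The account names and key material are constructed sample data; the set of options treated as "restricting" is the author's choice, not an OpenSSH definition.

```python
"""Audit authorized_keys contents for unrestricted, root-level and shared keys.

Added example (not from the original article). Input is a mapping of
account name -> authorized_keys file contents; sample data is constructed.
"""
import base64
import hashlib
import re
import struct

# Options (see sshd(8) AUTHORIZED_KEYS FILE FORMAT) that confine what a key can do.
# This grouping is the author's judgement: a key carrying none of them can open
# an interactive shell from any source address.
RESTRICTING_OPTIONS = {"from", "command", "restrict"}

KEY_TYPE_RE = re.compile(
    r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)"
    r"|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$"
)


def make_ed25519_blob(fill: int) -> str:
    """Constructed test data: a wire-format ssh-ed25519 public-key blob
    (string "ssh-ed25519" + string of 32 bytes), base64 encoded. Not a real key."""
    def ssh_string(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes([fill]) * 32)).decode()


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in OpenSSH notation: 'SHA256:' + unpadded base64 digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def split_options(line: str):
    """Return (first_token, rest). The options token ends at the first whitespace
    outside double quotes, so command="a b c" is kept intact."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].lstrip()
    return line, ""


def option_names(options: str) -> set:
    """Option names (lower-cased, without values) from a comma-separated option list."""
    names, cur, in_quotes = set(), "", False
    for ch in options + ",":
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            if cur.strip():
                names.add(cur.split("=", 1)[0].strip().lower())
            cur = ""
        else:
            cur += ch
    return names


def parse_authorized_key(line: str):
    """Split one line into (options, key_type, blob, comment); None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, rest = split_options(line)
    if KEY_TYPE_RE.match(first):          # no options: the line starts with the key type
        options, key_type = "", first
    else:                                 # options present; key type is the next token
        options = first
        parts = rest.split(None, 1)
        key_type, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    parts = rest.split(None, 1)
    blob, comment = parts[0], (parts[1] if len(parts) > 1 else "")
    return options, key_type, blob, comment


def audit(authorized_keys_by_account: dict) -> list:
    """Return (account, fingerprint, finding) tuples for the risks discussed above."""
    findings, seen = [], {}                      # seen: fingerprint -> accounts using it
    for account, contents in authorized_keys_by_account.items():
        for line in contents.splitlines():
            parsed = parse_authorized_key(line)
            if parsed is None:
                continue
            options, _key_type, blob, _comment = parsed
            fp = fingerprint(blob)
            seen.setdefault(fp, set()).add(account)
            if not option_names(options) & RESTRICTING_OPTIONS:
                findings.append((account, fp, "unrestricted: no from=/command=/restrict option"))
            if account == "root":
                findings.append((account, fp, "grants root access"))
    for fp, accounts in seen.items():
        if len(accounts) > 1:                    # the same private key is being passed around
            findings.append((",".join(sorted(accounts)), fp, "same key authorized on multiple accounts"))
    return findings


# Constructed sample: three accounts, one key reused on root and alice, one restricted key.
KEY_A, KEY_B, KEY_C = (make_ed25519_blob(b) for b in (0x41, 0x42, 0x43))
SAMPLE = {
    "root": f"ssh-ed25519 {KEY_A} backup@oldserver\n",
    "deploy": ("# deployment key, confined to the rsync wrapper\n"
               f'from="10.0.0.0/8",command="/usr/local/bin/rsync-wrapper" ssh-ed25519 {KEY_B} deploy@ci\n'),
    "alice": f"ssh-ed25519 {KEY_A} alice@laptop\nssh-ed25519 {KEY_C} alice@laptop\n",
}

if __name__ == "__main__":
    for account, fp, finding in audit(SAMPLE):
        print(f"{account:14} {fp}  {finding}")
```

On a real host, feed `audit()` the contents of each user's `~/.ssh/authorized_keys` (and any `AuthorizedKeysFile` paths set in sshd_config) keyed by account name; the fingerprints it prints match `ssh-keygen -lf` on the same files, so findings can be traced back to specific keys.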
In short, in the wrong hands SSH can present the ultimate doomsday scenario for any business: bad actors gain the ability to do all sorts of nefarious things, undetected, inside the security blind spot that SSH creates. Fortunately, SSH Communications Security, founded by the inventor of the protocol, has developed commercial solutions to help you mitigate these risks.