The SSH Customer Support site will be under Maintenance Tuesday Aug. 26th from 1:00pm EDT to 7:00pm EDT. Read More

SSH Blog

Showing Articles: 115 of 24

Aug 20 2014

Heads Up for Federal CISOs and CIOs: NIST Publishes Guidelines for SSH Key Management

For those of us who follow the activities of NIST, yesterday marked the arrival of a remarkable document with a characteristically bland NIST-style title:  “Security of Automated Access Management Using Secure Shell”. The release of this report (NIST Interagency Report 7966) has great significance for organizations that use Secure Shell – which is just about every medium to large enterprise, most government agencies and many large non-profits. So what is…

Keep Reading

Aug 18 2014

Black Blob of Death Threatens Data Center Security

Researchers at SSH Communications Security recently uncovered a serious security vulnerability that impacts data centers in the vast majority of banks and financial institutions. Okay, so admittedly, it almost sounds like a story from The Onion or some made up news by a bored blogger. But this really isn’t a satirical post about the over-hyping of security issues or fake news. The Black Blob of Death is…

Keep Reading

Aug 1 2014

With “Backoff” POS Malware, Attackers Use Your Security Tools Against You

Yesterday the US Department of Homeland Security issued a warning to US businesses against a new POS malware attack called “Backoff”. The attackers are targeting common remote access systems like Microsoft Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop, Pulseway and join.me. To make matters worse, this little bug is difficult for anti-virus software to…

Keep Reading

Jul 23 2014

Snowden Calls On Employees To Leak Company Secrets

During the Hackers On Planet Earth (HOPE) conference, Edward Snowden and Daniel Ellsberg called on insiders (employees) to spill corporate and government secrets.  Snowden is calling for the development of encryption and obfuscation tools to make this easier. The goal is to anonymously expose malfeasance without any repercussions. They believe that people should be able to do this without paying any price and without being held accountable. Superficially this all sounds like a good idea, but who gets to decide what should be leaked or stolen and what constitutes improper behavior?  What else could be leaked or…

Keep Reading

Jul 15 2014

Now Distributed People Can Stop Complaining About z/OS

Many companies have a mix of distributed platforms and mainframes (z/OS) in their environment. Most distributed users do not understand z/OS too well and don’t want to, but they still have to deal with it. This is a frustrating reality for distributed and z/OS users alike. That is until now!

We have come up with a solution for this type of problem based on customer feedback. Distributed and mainframe can now securely submit JCL jobs to z/OS by simply executing a put command from any distributed or z/OS platform.   As requested, the distributed user does not need to know anything about z/OS to do this. Your z/OS system programmer can write some reusable JCL jobs for your distributed users to use, maybe with some easy to change parameters. Then any distributed user can submit a job from any platform or client without ever logging into a z/OS…

Keep Reading

Jul 6 2014

The Mainframe and IDM

Identity Management Projects always result in lower costs and Streamlined Security Administration.

Where have you heard that one before?

Since the mid 1990's there has been a talent drain in the Mainframe Security Administration field.   Concerned IT Management, looking for ways of filling the void basically figured that automating User Provisioning and Credentials could fill the void. To meet the Customers needs Large Software Companies developed centralized Identity and Access management tools. In terms of the Mainframe it meant putting a common Windows GUI in front of ACF-2 Top secret and RACF for inexperienced Administrators to drag and drop ID's and…

Keep Reading

Jul 3 2014

Backdoor SSH Root Key Snafus Much More Common Than You Think

It appears as though a hard-wired Secure Shell private key has created a bit of a kerfuffle for folks running Cisco's VoIP manager This one made it in the headlines but because the affected system was identified and limited in scope to a single product line, remediation steps can be quickly undertaken and the impact minimized. Now imagine if an entire data center had unknown or misplaced private keys floating about. Well, it is more common than you think and the risks are far greater because it’s not just a single product that has the issue, every server in your environment has the…

Keep Reading

Jun 13 2014

All Threats are Insider Threats

Back in the day when the enterprise security model was a hardened perimeter protecting the internal "trusted" network, security vendors seized on the notion that businesses need protection from their employees - the insider threat.

Studies were commissioned to show how much malicious insiders were costing businesses. More recent studies indicate the majority of data breaches are carried out by…

Keep Reading

May 28 2014

Identity & Access Management: Don’t get Death Starred!

Many things seem impenetrable until a “small vulnerability” is exploited. The phrase “small vulnerability” almost sounds like an oxymoron when you think about it.  Take the fable of one Luke Skywalker and the Death Star.  In the story Luke exploited a small two-meter-wide thermal exhaust port in the Death Star’s design to destroy the ultimate weapon and break the back of the Galactic Empire in their moment of triumph. To make matters worse the Empire was warned about this “small vulnerability”, but the Galactic bureaucrats reasoned that the risk was small and the whistleblowers were overestimating rebels’ chances…

Keep Reading

May 19 2014

Just A Heartbleed Away: The Dirty Little Secret in IT Security is Creating A Major Risk

One of the major lessons learned from the Heartbleed Bug is just how vulnerable critical IT components, like encryption, are. The potential impact of these vulnerabilities can be severe and far-reaching. To make matters worse, a lack of management controls and visibility, especially in ubiquitously deployed software, enables cyber criminals…

Keep Reading

May 14 2014

Eliminating FTP Enterprise Wide: The Panacea is Closer than You Think

FTP is one of the most significant security risks in many enterprise environments. Despite long standing open audit findings and internal mandates, a surprising number of organizations still pass customer data, credit card information, intellectual property and other sensitive information in the clear. Failing to prioritize the elimination of FTP can be traced to the misconceptions…

Keep Reading

May 8 2014

Invisible at Infosecurity Europe 2014? Definitely Not

The major tube strike that was conducted in London during the first two days of Infosecurity Europe 2014 didn’t seem to have had an impact on the visitors count. Held from April 30 to May 1 at Earl’s Court, Infosecurity Europe is the biggest IT Security related exhibition in Europe, and supposedly brought close to 15,000 visitors there this year. And of course, we participated with a stand and speaking sessions, not to miss out on the opportunity to meet up with customers and…

Keep Reading

Apr 30 2014

Free Can Make You Bleed

By now anyone concernedwith internet security has heard about the Heartbleed security vulnerability in OpenSSL.  What you may not be aware of is how much money and personal information is riding on this “free” security program and others like it (OpenSSH).  Free is not usually a bad thing, but it can be when it causes the software your business depends on to be under resourced…

Keep Reading