SSH Blog


Apr 30 2014

Free Can Make You Bleed

By now anyone concerned with internet security has heard about the Heartbleed security vulnerability in OpenSSL. What you may not be aware of is how much money and personal information is riding on this “free” security program and others like it (OpenSSH). Free is not usually a bad thing, but it can be when it causes the software your business depends on to be under-resourced…


Apr 27 2014

Privileged Users – Not Malicious But Still a Threat

One of the challenges security architects face is finding the right balance between security and end-user convenience. This conflict is typified by the example of password policies. A policy that is too stringent drives users to write down their passwords on sticky notes (thus defeating the security objective), and a policy that is too weak leaves passwords exposed to cracking…


Apr 10 2014

SSH Communications Security Comments on Heartbleed Vulnerability

Key Facts: 

  • SSH Communications Security’s products are not affected by the Heartbleed flaw. Customers are advised to patch any server where the vulnerable OpenSSL software is installed.
  • Due to the pervasive nature of the Heartbleed vulnerability, the length of time the flaw has been in place and the broad access that an attacker could potentially obtain, SSH Communications Security is recommending that all Secure Shell keys used to establish trust relationships with affected systems should be changed immediately after the Heartbleed patch has been installed, and should be a part of your organization’s standard remediation…


Apr 4 2014

Five Reasons Why You Should Monitor & Control [All of] Your Secure Shell Traffic

How many times have we heard “the perimeter isn’t secure”? In fact, with BYOD, cloud and the extended enterprise, it’s hard to define what the perimeter is anymore.  The concept of a porous perimeter that can’t be trusted is the foundation of the Zero Trust model of security and many organizations are adopting this approach. Here are five reasons why monitoring and controlling Secure Shell should be included in your organization's Zero Trust…


Mar 18 2014

People Centered Security: Themes from The Gartner IAM Summit

Growing up, we get a lot of conflicting advice. We are told “look before you leap” but also “nothing ventured, nothing gained”. The book of clichés is littered with other examples. The world of Identity and Access Management is similarly conflicted. On the one hand, IAM should be transparent to the user and simple to administer. On the other hand, IAM must enforce the principle of least privilege. These goals are mutually exclusive. Why? It is just too complex to define specifically the fine-grained access each user needs in order to perform their job and manage that access over time in a dynamic work environment. The result is too many job roles, too many exceptions and ultimately weaker, not stronger…


Mar 17 2014

Key Based Trust from a Process-Driven Goalkeeper's Perspective

Like for any goalkeeper, the worst thing - other than a torn ACL - is getting scored on. During my playing days, I was obsessed with the concept of how to organize my defense in a way to minimize goals against as well as minimize opportunities of my opponents. My teammates used to joke and wonder how I played at the level I did. I was not particularly fast or strong, did not have particularly great hands and was not super athletic in any way. But I was quite good at programming my defense and midfield to run a repeatable process to make it very difficult for opponents to penetrate. Unlike soccer, where you are most likely going to get scored on at some point, businesses must keep a zero goals against average for their entire…


Mar 4 2014

RSA Conference 2014 Wrap Up

This year’s RSA Conference 2014 was filled with energy and great insights as well as controversy. Here are a few of the trends and topics that I saw at this year’s show.

Energy: Encryption and access controls are up there at the top of the list
There was a huge uptick in the overall energy at the show. Our booth was inundated with people asking questions and wanting to learn more about our…


Feb 11 2014

APT The Mask (aka Careto) Targets Secure Shell Keys

Kaspersky Labs recently revealed the details of a sophisticated APT named “The Mask” or by its Spanish name “Careto”. The Mask is known to have infected at least 380 unique victims in over 31 countries. In operation since 2007, the primary targets of this APT are government institutions, diplomatic offices, energy companies, research institutions, private equity firms and political activist organizations. The sophistication and targets of the APT suggest it is the work of nation-state actors as opposed to criminal…


Feb 10 2014

Think Back-end Security from an Enterprise Perspective

As I travel and talk to our existing and expanding customer base, I am noticing something that I did not see before. In my meetings with technical staff and management, I am noticing an exciting trend of more and more distributed network and server staff becoming interested in System z. The “replace the mainframe” crowd seems to realize that these “dinosaurs” cannot be replaced anytime soon and are starting to try to understand, integrate and embrace what was a dying technology. This presents a challenge to us System z folk in how we open up our once vaulted…


Feb 9 2014

Warfare on the Virtual Battlefield

At last year’s Gartner Risk Management Conference in the DC metro area, I attended a seminar where some of Gartner’s analysts were looking out on the horizon – 2020 to be exact – to give their perspective on where cybersecurity was heading. Gartner basically identified two uncertain forces that they think will impact their potential…
