SSH Risk Assessment™
SSH Risk Assessment is a security assessment service that delivers a detailed analysis of the risks created by SSH (Secure Shell) mismanagement in an organization. It evaluates both the likelihood of a compromise and its likely impact, and it helps you decide in what order the issues should be addressed.
Why do you need to assess SSH risks?
SSH keys are a ubiquitous access credential that has gone unmanaged in many organizations for years. Several of our customers have millions of SSH keys in their environment, and even smaller organizations are often surprised by how many they have. Typically about 10% of the keys grant root access, and about 90% of the keys are no longer being used but continue to grant access.
The most common way for attackers to spread within an enterprise is by stealing credentials: passwords, SSH keys, and Active Directory tokens. Recently leaked CIA hacking tools were designed to steal SSH keys and their passphrases, and many other hacking tools do the same. The likelihood of keys being misused is therefore high.
The impact of an SSH key compromise can be severe. The keys grant command-line access, often to privileged accounts: database accounts, service accounts, and administrator accounts. A root compromise means total loss of confidentiality, integrity, and availability on that system. The attacker can steal data, inject fraudulent data, subvert encryption, leave persistent backdoors, and even destroy the server.
The way SSH keys are configured in many enterprises enables attackers to spread throughout most of the server environment, including to disaster recovery data centers and backup systems. This can take a Fortune 500 enterprise down for months. The damage to shareholders could be billions of dollars.
Given that both the likelihood and the impact of compromise are very high for improperly managed SSH keys, addressing the issue should be a top priority. The risk assessment helps you understand the unique circumstances of your organization.
Compliance regulations and industry best practice also require understanding and controlling who can access which systems and data in the enterprise.
Anonymized access graphs from real customer environments
Access from DEV to PROD
The blue connections in this image are access from DEV (blue) to PROD (green).
Access between servers
This image shows several central servers that are able to access many of the other central servers and a large number of peripheral servers.
SSH Risk Assessment™ service
SSH Risk Assessment is an assessment service that gives you the information you are missing about the use of SSH and key-based authentication within your organization. It leverages our in-depth technology expertise, our custom-developed scanning and reporting software, and our wide-ranging experience with thousands of customers to provide a service that is fast, efficient, and effective. You also get actionable information that helps convince senior management that addressing the issue is a priority.
- Fast - Completed in 5 days and requires only a few hours of your staff time.
- Non-invasive - Our tools do not require software agents to be installed and do not make any changes on your hosts. No private keys are collected or moved.
- Comprehensive - You get an analysis of the most significant risks including compelling visualizations of trust relationships.
- Prioritized - We tell you what to focus on first and why.
- Safe - No information or data leaves your control.
After the assessment, you may choose to use the Universal SSH Key Manager or PrivX On-Demand Access Manager to bring SSH access under control. You may also want to look at how to prevent accessing the internal network from the public Internet using SSH tunneling.
What you get
| Deliverable | Description |
|---|---|
| Key management | Review and analysis of policies and procedures for lifecycle management of public/private key pairs |
| Separation of duties | Scan and discovery of any SSH access that crosses between dev and prod environments |
| Authorizations to root | Discovery of all keys authorized for root access |
| Transitive trust analysis | Analysis of which keys provide the broadest access into the network |
| Key size report | Report and statistics on key sizes; weak keys highlighted |
| Key age report | Analysis and statistics on key age; keys older than 2 years and older than 5 years highlighted |
| Key protection analysis | Report on private keys stored in clear text and/or transmitted in clear text |
| Least privilege analysis | Review of service and root account access authorizations |
| Privilege escalation | Review of whether current SSH configurations and controls prevent unintended escalation of access |
| SSH software management | Report on SSH versions in use; identifies any insecure versions that should be upgraded |
| Compliance | Report on potential audit findings for selected compliance mandates (PCI DSS, Federal Cybersecurity Framework, NIST 800-53, MAS, BASEL II & III, and others) |
| Summary and recommendations | Highlights the most significant risks and compliance issues, with recommendations and alternatives for remediation |
| Onsite consultation | Our consultant will meet with you to review the findings and recommendations |
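To make concrete what the root-authorization, key-size, separation-of-duties and transitive-trust items above involve, here is an added, self-contained example. It is not the scanner the service uses and not code from SSH Communications Security; it models the core of such an analysis: parse `authorized_keys` content (including option prefixes such as `from=` and `command=`), decode the `ssh-rsa` wire format to measure the modulus, match authorized public keys to the hosts and accounts where the matching private key was found, and walk the resulting trust graph. All hosts, users, environments and key blobs are constructed for the example; the RSA moduli are synthetic numbers of the right length, not real keys. Key age and clear-text private-key detection are not covered here.

```python
"""Added example: SSH trust-graph analysis over constructed sample data."""
import base64
import shlex
import struct
from collections import defaultdict, deque

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


# --- RFC 4253 wire-format helpers (string and mpint) ---
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n):
    # One extra byte keeps the top bit clear, as mpint requires for positive values.
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def make_rsa_blob(bits):
    """Base64 ssh-rsa blob with a SYNTHETIC modulus of `bits` bits (sample data only)."""
    n = (1 << (bits - 1)) | 1
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(n)).decode()


def rsa_bits(blob_b64):
    """Modulus size of an ssh-rsa blob; None for other key types."""
    data, pos, fields = base64.b64decode(blob_b64), 0, []
    while pos < len(data):
        (ln,) = struct.unpack(">I", data[pos:pos + 4]); pos += 4
        fields.append(data[pos:pos + ln]); pos += ln
    if fields[0] != b"ssh-rsa":
        return None
    return int.from_bytes(fields[2], "big").bit_length()   # fields: type, e, n


def parse_authorized_keys(text):
    """Yield (options, keytype, blob, comment); options may precede the key type."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        toks = shlex.split(line)                      # keeps quoted option values together
        idx = next((i for i, t in enumerate(toks) if t in KEY_TYPES), None)
        if idx is not None:
            yield " ".join(toks[:idx]), toks[idx], toks[idx + 1], " ".join(toks[idx + 2:])


# --- Constructed sample inventory (hypothetical hosts, users and keys) ---
KEY_BLOBS = {"k_jenkins": make_rsa_blob(1024),   # weak legacy automation key
             "k_alice": make_rsa_blob(4096),
             "k_backup": make_rsa_blob(2048)}
PRIVATE_KEYS = {("dev-ci01", "jenkins"): ["k_jenkins"],   # where private keys were found
                ("dev-ws01", "alice"): ["k_alice"],
                ("prod-app01", "root"): ["k_backup"]}
ENV = {"dev-ci01": "DEV", "dev-ws01": "DEV",
       "prod-app01": "PROD", "prod-db01": "PROD", "prod-bak01": "PROD"}
AUTHORIZED_KEYS = {   # (host, user) -> authorized_keys file content
    ("prod-app01", "root"): f'ssh-rsa {KEY_BLOBS["k_jenkins"]} jenkins@dev-ci01\n',
    ("prod-db01", "postgres"): f'from="10.1.2.3" ssh-rsa {KEY_BLOBS["k_alice"]} alice\n',
    ("prod-bak01", "root"): f'command="/usr/bin/rsync --server" ssh-rsa {KEY_BLOBS["k_backup"]} backup\n# old entry\n',
}


def build_graph():
    """Edges (src_host, src_user, dst_host, dst_user, key_id, options) from holder to target."""
    blob_to_id = {b: k for k, b in KEY_BLOBS.items()}
    edges = []
    for (host, user), text in AUTHORIZED_KEYS.items():
        for options, _ktype, blob, _comment in parse_authorized_keys(text):
            key_id = blob_to_id.get(blob)
            for (h, u), ids in PRIVATE_KEYS.items():
                if key_id in ids:
                    edges.append((h, u, host, user, key_id, options))
    return edges


def assess(edges):
    weak = [k for k, b in KEY_BLOBS.items() if rsa_bits(b) is not None and rsa_bits(b) < 2048]
    findings = {"root_authorizations": [], "weak_keys": sorted(weak), "dev_to_prod": [], "reach": {}}
    adj = defaultdict(list)
    for sh, su, dh, du, kid, opts in edges:
        adj[(sh, su)].append((dh, du))
        if du == "root" and not any(o in opts for o in ("from=", "command=")):
            findings["root_authorizations"].append((dh, kid, sh, su))   # unrestricted root access
        if ENV[sh] == "DEV" and ENV[dh] == "PROD":
            findings["dev_to_prod"].append((sh, su, dh, du, kid))
    for start in list(adj):                      # transitive reach from every DEV account
        if ENV[start[0]] != "DEV":
            continue
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in adj.get(queue.popleft(), ()):
                if nxt not in seen:
                    seen.add(nxt); queue.append(nxt)
        findings["reach"][start] = sum(1 for h, _ in seen if ENV[h] == "PROD")
    return findings


if __name__ == "__main__":
    for name, value in assess(build_graph()).items():
        print(f"{name}: {value}")
```

On this sample the 1024-bit Jenkins key is flagged as weak, its unrestricted authorization on `prod-app01` root is a DEV-to-PROD crossing, and because root on `prod-app01` in turn holds a key accepted by root on `prod-bak01`, the CI account can reach two production root accounts transitively even though it was only ever granted one. The `command=` and `from=` options are treated as restrictions for the root-authorization finding but still counted as trust edges, since a forced command can still be abused depending on what it runs.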
Supported platforms for scanning
- HP-UX 11v1, 11v2, 11v3
- IBM AIX 5.3, 6.1, 7.1
- Oracle Solaris 8, 9, 10, 11
- Oracle Enterprise Linux 5.4, 5.5, 5.6, 5.7
- Red Hat Enterprise Linux 4, 5, 6, 7
- SUSE Linux Enterprise Server 9, 10, 11, 12
Supported SSH versions for scanning
- Tectia SSH 6.0 or newer
- OpenSSH 4.0 or newer
All scanned systems must have Perl 5.6 or newer installed.
Scope up to 500 servers. More can be custom quoted.