SSH Risk Assessment™
SSH Risk Assessment is a security assessment service that delivers a detailed analysis of risks around SSH (Secure Shell) mismanagement in an organization. It evaluates the likelihood and likely impact of compromise. The service uses SSH.COM's unique advanced scanning software and provides a detailed report, data visualizations, compliance checklists, and priorities for risk mitigation.
Why do you need to assess SSH key risk?
SSH keys are a ubiquitous access credential that has gone unmanaged in many organizations for years. Several of our customers have millions of SSH keys in their environment. Even smaller organizations are often surprised by how many they have. We find that typically about 10% of the keys grant root access and about 90% of keys should no longer be in use but persist as a vulnerability and continue to grant access.
The most common way for hackers to spread within an enterprise is by stealing credentials, such as passwords, SSH keys or Active Directory tokens. Hacking tools, such as the leaked CIA hacking tools, are often designed to steal SSH keys and their passphrases. SSH keys and poorly managed or unmanaged SSH environments are a popular target for hackers. Just one root access key can give a hacker undetected access to an enterprise's critical systems and data.
The impact of an SSH key-related breach can be severe. SSH keys typically grant command-line access, often to privileged accounts, database accounts, service accounts, and administrator accounts. An attacker can steal data, inject fraudulent data, subvert encryption, leave persistent backdoors, and even destroy the server. In poorly managed and unmanaged environments, the way SSH keys are configured enables attackers to spread throughout most of the server environment, including to disaster recovery data centers and backup systems.
Our approach helps decision-makers understand the unique circumstances of their organization, meet the needs of internal and external audits, become and remain compliant, and take a proportionate approach to prioritizing SSH in the risk portfolio.
Anonymized data visualizations from real customer environments
Access from DEV to PROD
The blue connections in this image are access from DEV (blue) to PROD (green).
Access between servers
This image shows several central servers that are able to access many of the other central servers and a large number of peripheral servers.
SSH Risk Assessment™ service
SSH Risk Assessment is an assessment service that addresses the need for more information about the use of SSH and key-based authentication within your organization. It leverages our in-depth technology expertise, our industry-leading IP, our custom-developed scanning and reporting software, and our wide-ranging experience with thousands of customers to provide a service that is fast, efficient, and effective. You also get actionable information that helps convince higher management that addressing the issue is a priority.
- Fast - Completed in a few days and requires only a few hours of your staff time.
- Non-invasive - Our tools do not require software agents to be installed and do not make any changes on your hosts. No private keys are collected or moved.
- Comprehensive - You get an analysis of the most significant risks including compelling visualizations of trust relationships and compliance roadblocks.
- Prioritized - We tell you what to focus on first and why.
- Safe - No information or data leaves your control.
SSH Risk Assessment is the first step on the path to mitigating SSH key risk and achieving compliance. To keep control and automate the SSH key lifecycle, we offer solutions including Universal SSH Key Manager and PrivX cloud access management software.
What's included in our reports?
| Report section | What it covers |
|---|---|
| Key management | Review and analysis of policies and procedures for lifecycle management of public/private key pairs |
| Separation of duties | Scan and discovery of any SSH access that crosses between dev and prod environments |
| Authorizations to root | Discovery of all keys authorized for root access |
| Transitive trust analysis | Analysis of which keys provide the broadest access into the network |
| Key size report | Report and statistics on key sizes. Weak keys highlighted. |
| Key age report | Analysis and statistics on key age. Keys older than 2 years and older than 5 years highlighted. |
| Key protection analysis | Report on private keys stored in clear text and/or transmitted in clear text |
| Least privilege analysis | Review of service and root account access authorizations |
| Privilege escalation | Review of whether current SSH configurations and controls prevent unintended escalations of access |
| SSH software management | Report on SSH versions in use. Identifies any insecure versions that should be upgraded. |
| Compliance | Report on potential audit findings for selected compliance mandates (PCI DSS, Federal Cybersecurity Framework, NIST 800-53, MAS, BASEL II & III, and others) |
| Summary and recommendations | Highlights of the most significant risks and compliance issues, with recommendations and alternatives for remediation |
| Onsite consultation | Our consultant will meet with you to review the findings and recommendations |
Supported platforms for scanning
- HP-UX 11v1, 11v2, 11v3
- IBM AIX 5.3, 6.1, 7.1
- Oracle Solaris 8, 9, 10, 11
- Oracle Enterprise Linux 5.4, 5.5, 5.6, 5.7
- Red Hat Enterprise Linux 4, 5, 6, 7
- SUSE Linux Enterprise Server 9, 10, 11, 12
Supported SSH versions for scanning
- Tectia SSH 6.0 or newer
- OpenSSH 4.0 or newer
All scanned systems must have Perl 5.6 or newer installed.
We have scanned the vast network environments of some of the world's largest financial, industrial and retail companies with thousands and thousands of servers. Please get in touch to discuss your needs.