
SSH Risk Assessment™

SSH Risk Assessment is a security assessment service that delivers a detailed analysis of risks around SSH (Secure Shell) mismanagement in an organization. It evaluates the likelihood and likely impact of compromise. It helps make decisions about the priority of addressing the issues.

Why do you need to assess SSH risks

SSH keys are a ubiquitous access credential that has gone unmanaged in many organizations for years. Several of our customers have millions of SSH keys in their environment. Even smaller organizations are often surprised by how many they have. Typically about 10% of the keys grant root access and about 90% of the keys are no longer being used but continue to grant access.

The most common way for hackers to spread within an enterprise is by stealing credentials - passwords, SSH keys, and Active Directory tokens. Recently leaked CIA hacking tools were designed to steal SSH keys and their passphrases. Many other hacking tools do the same. The likelihood of keys being misused is thus high.

The impact of an SSH key compromise can be severe. The keys grant command-line access, often to privileged accounts, database accounts, service accounts, and administrator accounts. Root compromise means total loss of confidentiality, integrity, and availability on that system. The attacker can steal data, inject fraudulent data, subvert encryption, leave persistent backdoors, and even destroy the server.

The way SSH keys are configured in many enterprises enables attackers to spread throughout most of the server environment, including to disaster recovery data centers and backup systems. This can take a Fortune 500 enterprise down for months. The damage to shareholders could be billions of dollars.

Given that both the likelihood of compromise and the impact of compromise are very high for improperly managed SSH keys, addressing the issue should be a top priority. The risk assessment helps understand the unique circumstances of each organization.

All compliance regulations and industry best practice also require understanding and controlling who can access what systems and data in the enterprise.

Anonymized access graphs from real customer environments

Access from DEV to PROD

The blue connections in this image are access from DEV (blue) to PROD (green).

[Image: Access from Dev to Prod]

Access between servers

This image shows several central servers that are able to access many of the other central servers and a large number of peripheral servers.

[Image: SSH Access that Looks Like Cat's Yarn Ball]

SSH Risk Assessment™ service

SSH Risk Assessment is an assessment service that addresses this need to have more information around the use of SSH and key-based authentication within your organization. It leverages our in-depth technology expertise, our custom-developed scanning and reporting software and our wide-ranging experience with thousands of customers to provide a service that is fast, efficient, and effective. You also get actionable information that helps convince higher management that addressing the issue is a priority.

  • Fast - Completed in 5 days and requires only a few hours of your staff time.
  • Non-invasive - Our tools do not require software agents to be installed and do not make any changes on your hosts. No private keys are collected or moved.
  • Comprehensive - You get an analysis of the most significant risks including compelling visualizations of trust relationships.
  • Prioritized - We tell you what to focus on first and why.
  • Safe - No information or data leaves your control.

After the assessment, you may choose to use the Universal SSH Key Manager or PrivX On-Demand Access Manager to bring SSH access under control. You may also want to look at how to prevent accessing the internal network from the public Internet using SSH tunneling.

What you get

| Data item | Explanation |
|---|---|
| Key management | Review and analysis of policies and procedures for lifecycle management of public/private key pairs |
| Separation of duties | Scan and discovery of any SSH access that crosses between dev and prod environments |
| Authorizations to root | Discovery of all keys authorized for root access |
| Transitive trust analysis | Analysis of which keys provide broadest access into the network |
| Key size report | Report and statistics on key sizes. Weak keys highlighted. |
| Key age report | Analysis and statistics on key age. Keys older than 2 years and older than 5 years highlighted. |
| Key protection analysis | Report on private keys stored in clear text and/or transmitted in clear text |
| Least privilege analysis | Review of service and root account access authorizations |
| Privilege escalation | Review of whether current SSH configurations and controls prevent unintended escalations of access |
| SSH software management | Report on SSH versions in use. Identifies any insecure versions that should be upgraded. |
| Compliance | Report on potential audit findings for selected compliance mandates (PCI DSS, Federal Cybersecurity Framework, NIST 800-53, MAS, BASEL II & III, and others) |
| Summary and recommendations | Highlight most risks and compliance issues, recommendations and alternatives for remediation |
| Onsite consultation | Our consultant will meet with you to review the findings and recommendations |

Technical specifications

Supported platforms for scanning

  • HP-UX 11v1, 11v2, 11v3
  • IBM AIX 5.3, 6.1, 7.1
  • Oracle Solaris 8, 9, 10, 11
  • Oracle Enterprise Linux 5.4, 5.5, 5.6, 5.7
  • Red Hat Enterprise Linux 4, 5, 6, 7
  • SUSE Linux Enterprise Server 9, 10, 11, 12

Supported SSH versions for scanning

  • Tectia SSH 6.0 or newer
  • OpenSSH 4.0 or newer

All scanned systems must have Perl 5.6 or newer installed.

Scope up to 500 servers. More can be custom quoted.
