Bad SSH Key Management Leaves Databases At Risk

Published: 22/11/2024   Category: security




Not enough oversight of keys leaves SSH clients open to abuse



A gaping hole in the way enterprises govern the use of one of IT's least glamorous but most widely used access control and encryption protocols is leaving many sensitive database servers and other network devices at serious risk.
Secure Shell (SSH) -- a Swiss army knife in the arsenal of many an IT department -- is best known for aiding in the creation of encrypted tunnels to secure remote access and file transfers, but has gradually gained even more acceptance as a way to secure machine-to-machine connections to help enterprises move large amounts of valuable and sensitive data.
But experts say that enterprises do such a poor job of managing the public/private key pairs on which the protocol depends that they're putting many of their most sensitive data assets at risk, including database servers that use SSH to connect with the applications that tap into them.
According to Charles Kolodgy, an analyst for IDC, at most enterprises the internal means of managing SSH keys are clumsy and decentralized. What's more, when organizations do take steps to secure the use of keys by restricting central access to a few privileged administrators, they often don't monitor those privileged insiders for policy violations, creation of rogue keys, or other suspicious behavior that could put the security of SSH communications in jeopardy.
That's a scary thought, considering how much trust is put in SSH as an authenticator.
[Why do data breach costs continue to grow? See "Negligence, Glitches Push Up Cost Of Breaches Worldwide".]
"An interesting unintended consequence of SSH is that an SSH connection can be used to bypass access control mechanisms such as password-based systems," Kolodgy recently wrote. "If a system account -- operating systems, middleware, databases, and applications for running processes -- has a key association, a user can make a connection to the system account, circumventing the standard password-based authentication. This access is made possible because the SSH key association provides acceptable authentication."
This potential IAM end-around leaves databases particularly vulnerable, says Jason Thompson, director of global marketing for SSH Communications Security.
"Let's say you're dealing with a large database environment and you've got an SSH client on that particular database server, and there's a key someone has access to; they could potentially get in there and pull all that information out of the database," he says. "They're going to be able to do it in an encrypted fashion, and they're going to look like an authorized user."
According to Thompson, this type of vulnerability stemming from poor governance of the key management process is exacerbated by the fact that SSH is so heavily used in machine-to-machine traffic. He says it is a common misperception that SSH is primarily driven by interactive human usage, but the truth is that user traffic makes up less than 20% of SSH traffic in the enterprise. The rest is driven by automated machine-to-machine transactions.
"What that means is that even though it is machine-to-machine traffic that the keys are being utilized for, an individual could hijack that encrypted network and gain access to that dedicated machine-to-machine traffic," he says. "If they got into a large environment with a key with a very high level of privilege, they're going to have pretty much unfettered access to a large swath of the environment."
The bottom line is that organizations have to do a better job managing keys and monitoring how they're used.
"Organizations categorically do not have a management system in place that continuously monitors and manages SSH keys within their networks," said Jeff Hudson, CEO of Venafi. "Those networks often have thousands of systems utilizing SSH for elevated and privileged access. This improper management of trust technologies has created a gaping hole that is the target of advanced persistent threats."
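The governance gap Kolodgy describes (a key bound to a system account is a password-free login) and the monitoring Hudson calls for both start with an inventory of who can reach which account. The following is an added example, not code from the article or from any vendor quoted in it: a small audit of authorized_keys entries that flags keys on service accounts without `from=` or `command=` restrictions, keys nobody can attribute, and one key reused across accounts. The inventory, account names and key blobs are constructed placeholders.

```python
import re
# Constructed inventory (account -> authorized_keys text); blobs are placeholders.
SAMPLE_INVENTORY = {
    "postgres": (
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7example1 backup@batch01\n"
        'from="10.0.5.0/24",command="/usr/local/bin/pg_dump_only" '
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample2 etl@batch02\n"
    ),
    "oracle": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample3\n",
    "alice": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample4 alice@laptop\n",
    "root": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample4 alice@laptop\n",
}
# Assumed set of service/system accounts whose keys deserve the most scrutiny.
SYSTEM_ACCOUNTS = {"postgres", "oracle", "mysql", "root"}
KEY_RE = re.compile(r"(?:^|\s)(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp\d+|ssh-dss)\s+(\S+)(?:\s+(.*))?$")

def parse_line(line):
    # Options may contain quoted spaces, so locate the key type first and treat
    # everything before it as the options field.
    line = line.strip()
    m = KEY_RE.search(line)
    if line.startswith("#") or not m:  # comment, blank or malformed line
        return None
    return {"options": line[:m.start()].strip(), "type": m.group(1),
            "blob": m.group(2), "comment": (m.group(3) or "").strip()}

def audit(inventory, system_accounts=SYSTEM_ACCOUNTS):
    # Returns (account, key tag, reason) findings: unrestricted keys on system
    # accounts, keys with no owner comment, and one key authorizing several accounts.
    findings, first_seen = [], {}
    for account, text in inventory.items():
        for raw in text.splitlines():
            entry = parse_line(raw)
            if entry is None:
                continue
            tag = entry["blob"][-8:]  # short handle for the report
            if account in system_accounts:
                if "command=" not in entry["options"]:
                    findings.append((account, tag, "unrestricted shell on system account"))
                if "from=" not in entry["options"]:
                    findings.append((account, tag, "no from= source restriction"))
            if not entry["comment"]:
                findings.append((account, tag, "no owner comment: key cannot be attributed"))
            owner = first_seen.setdefault(entry["blob"], account)
            if owner != account:
                findings.append((account, tag, f"same key also authorizes {owner}"))
    return findings

for account, tag, reason in audit(SAMPLE_INVENTORY):
    print(f"{account:<10} ...{tag}  {reason}")
```

On a real host the inventory would be built by reading each account's `~/.ssh/authorized_keys` (and any `AuthorizedKeysFile` path set in sshd_config); the findings are a starting point for the key-by-key review, not a verdict.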