Businesses Fail to Properly Secure, Assess SSH: ISACA

Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.

Most businesses use the Secure Shell (SSH) technology, a cryptographic protocol designed to enable secure file transfers and remote communications. However, its rare they appropriately secure, document, routinely assess, and manage SSH, as reported in a new
ISACA paper
released Tuesday.
SSH was developed as a secure alternative to telnet and rsh/rexec. Its primarily used to allow a remote command shell (for example, the Bourne shell or C shell) over a network connection. It also allows port-forwarding capability and implements SFTP to allow secure file transfer.
Its essential for security leaders to ensure SSH is securely deployed and monitor its usage so it continues to protect against man-in-the-middle attacks, isnt misused by privileged insiders, or any number of other troubles. However, ISACA points out several challenges in doing all this well.
For one, businesses are struggling to manage and track SSH cryptographic keys. SSH is natively supported by Amazon Web Services, Google Cloud, and other service providers that offer virtual Linux hosts. Each SSH server has its own key to authenticate the device to clients and as SSH hosts increase on premise and in the cloud, complexities of key management will grow.
There is also a challenge in deciding who is responsible for SSH keys. Usually its unclear who should handle tasks like managing key inventory and usage, a complexity that underscores the need to integrate controls and processes into broader control management, ISACA explains.
SSH is critical from a security perspective but generally invisible to the business; as a result, executives tend to overlook it. Its necessary for system administrators to operate, but how its managed doesnt usually affect business processes. This can make it tough to ensure SSH gets executive attention and is addressed in risk management and audit planning.
Read more about SSH challenges and considerations by looking at the full report
here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Businesses Fail to Properly Secure, Assess SSH: ISACA