25 February 2016 INTERNAL | SSH Communications Security1
MONTHLY MYTH CRACKER SERIES
“THE MYTH OF SSH KEY DISCOVERY”
“THE MYTH OF THE PRIVATE KEY”
“THE MYTH OF KEY ROTATION”
“THE MYTH OF SSH KEY MANAGEMENT AS PART OF THE
PRIVILEGED ACCESS MANAGEMENT PARADIGM”
PART 3: THE MYTH OF KEY ROTATION
Matthew McKenna, Chief Commercial Officer
Joe Scaff, Director, Customer Services
February 24th, 2016
WHAT WE WILL COVER
• Quick Introduction
• Who is SSH Communications Security?
• Why is SSH so important?
• How do SSH Keys work?
• What are the Myths of Key Rotation?
• Risk vs. Reward of Key Rotation
• How to approach and resolve the challenge
• More reading
WHO IS SSH COMMUNICATIONS SECURITY
Quick Facts:
• Inventors of the SSH protocol
• Listed: NASDAQ OMX Helsinki (SSH1V)
• 3,000 customers including 6 of the 10 largest US banks
• Original source of OpenSSH
What We Do:
• Access Management
• Access Controls & Key Management
• Encrypted Channel Monitoring
• Data-in-Transit Encryption
We provide the means to discover, monitor and control privileged access and encrypted traffic without disrupting the flow of information, processes or business practices.
WHAT IS SSH?
[Diagram: an SSH client connects over TCP/IP to an SSH server; the SSH connection carries Terminal sessions, SFTP and TCP tunneling.]
SSH KEEPS THE WORLD RUNNING
[Diagram: SSH connections spanning On Premise, Cloud and Supply Chain / 3rd party Access.]
GOOD VS. EVIL
SECURE SHELL IS A POWERFUL TOOL THAT HAS POTENTIAL FOR MISUSE
Capability | For good | For evil
Data-in-transit encryption | Prevent man-in-the-middle attacks and protect sensitive information | Blind security operations and forensics teams to malicious behavior
Remote access to systems and applications | Convenient method for both administrators and developers to access systems and applications | Convenient method for malicious insiders and external threats to compromise your systems and applications
Command execution | Move, copy, delete files and applications for business-related purposes | Exfiltrate confidential information, deploy malware, delete or damage databases
Tunneling | Enable application-to-application connectivity | Bypass corporate firewall policy
SSH AUTHENTICATION: THE ESSENTIALS
[Diagram: SSH client and SSH server connected over the network.]
1) Server authentication: the server proves its identity to the client.
2) User authentication: the client proves the user's identity to the server.
Think of the private key as a real key, while the public key resembles a lock.
SSH is commonly used to grant administrators or automated services access to systems.
Typically, every employee is responsible for his own personal key, or rather for all keys that he has generated, e.g. for test and production systems.
Keys used by services are, at best, only tied organizationally to a person or group.
SSH USER KEY & ACCESS USE CASES
Interactive SSH login using keys (individual use):
• SA: System Admin login to SSH server
• DBA: Database Admin login to SSH server
• Individual: Development / Other login to SSH server
• Root: Root user login to SSH server
Non-interactive SSH login using keys (automated/process usage):
• Application: Business app login and performing app-specific tasks
• Monitoring: Automated system monitoring application login and performing application-specific tasks
• System: Automated system administration tasks login and performing app-specific tasks
THE MYTHS OF KEY ROTATION?
Myth 1: Key rotation makes us more secure
Myth 2: Key rotation can be established fairly easily
Myth 3: Key rotation should be done automatically
Myth 4: Key rotation is a must? Or is there a more clever way?
MYTH 1: KEY ROTATION MAKES US MORE SECURE.
• Rotation without lockdown simply rotates the problem
• Continuous monitoring is key
• Full visibility of the chain of trust
• Risk mitigation controls sit with the authorized key
MYTH 2: KEY ROTATION CAN BE ESTABLISHED FAIRLY EASILY
[Diagram: two rotation scenarios for non-interactive PROD-to-PROD trusts: single application, and cross application.]
MYTH 3: KEY ROTATION SHOULD BE DONE AUTOMATICALLY
"We want key rotation to be fully automatic" – Customer A
"Wait. We want key rotation to be manual but automatic." – Customer A after deeper consideration
• Interactive SSH user keys
• External 3rd party contractor interactive SSH user keys
• External 3rd party automated key based access with known one-to-one connections
• Keys unused for X period of time with known one-to-one connection
• Known, continuously monitored, remediated chains of trust for automated processes, with known IP source restrictions
[Slide columns: Candidates for Automatic | Manual but Automatic]
MYTH 4: KEY ROTATION IS A MUST.
• Remediation vs. Rotation
• Access, Cryptography, Configuration
• Resilience vs. Security
• Interactive vs. Automated
HOW TO ADDRESS THE CHALLENGE
1. Project Objectives
2. Establishment of a Policy Baseline
3. The Process
4. Risk versus Reward in Remediation Efforts
5. Discover & Remediate vs. Application Lockdown Approaches
6. Standard Guidance
7. Importance of IDM as Part of the Governance Process
PROJECT OBJECTIVES
Issue Definition
• Insufficient controls for access to the production estate for interactive and automated access where SSH public key authentication is used, e.g. unauthorized root keys
• Lack of continuous monitoring of SSH public key based authentication
• Lack of a standardized recertification process within the overall key management framework
Drivers to act
• Operational risk – internal/external misuse of root level access where unauthorized key based access exists but is not visible will have significant operational, reputational and financial impact to the bank
• Compliance – PCI, SOX and MAS mandate that unauthorized access to production be remediated
• Process standardization – lockdown of key recertification and policy management
Mission
• Ensure stability of the IT Production Environment by implementation and management of Application Production Access Controls where public key authentication is utilized for interactive and automated access
Project objectives
• Standardization of policy for interactive/automated access utilizing SSH public key authentication to the production estate
• Discover and monitor legacy key based trust relationships across the estate
• Lock down existing and future access to the production estate
• Remediate against policy violations
• Create a process for automation of provisioning, de-provisioning and recertification of key based access
• Integration of SSH user key management into the IDM framework
SSH USER KEY & ACCESS MANAGEMENT POLICY
• Access Policy
• Cryptography Policy
• Configuration Policy
PROCESS
Define policies → Discover → Report → Monitor → Lockdown → Remediate → Integrate → Automate
Phases: Assess and Discover; Control and Remediate; Recertify and Govern
THE RISK VERSUS REWARD IN REMEDIATION & ROTATION
[Chart: remediation items plotted by Risk against Reward: Decommissioned App Keys, DEV to PROD Connections, Interactive Jump Server Bypass Keys, Unauthorized Root Trust, Unused Keys, SSH 1 Keys, Unknown Trusts, Shared Private Keys, Weak Encryption, Aged Keys.]
PRIORITIZATION & QUICK WINS FOR RISK REDUCTION & COMPLIANCE
Remediation Item | Reward | Risk | Comment
Unauthorized ROOT trust | Highest | Medium | Undesired break of process
Decommissioned application keys | High | Low | Often significant numbers, unnecessary exposure
SSH1 keys | Low/Medium | Low | Deprecated keys that should not be in use
DEV to PROD connections | High | Low | If policy does not permit, fairly easy to implement
Interactive jump server bypass keys | High | Low | If policy does not permit, fairly easy to implement
Unknown trusts | High | Low/High | Depends on time the environment has been monitored
Unused keys | High | Low/High | Depends on time the environment has been monitored
Shared private key scenarios | Medium | High | Same rule as rotation if remediating trust
Weak encryption | Medium | High | Rotation requires full visibility into trust chain
Aged keys | Low | High | Rotation requires full visibility into trust chain
DISCOVER & REMEDIATE APPROACH VS. APPLICATION LOCKDOWN APPROACH
Discover & Remediate Approach
Pros:
• Gain quick visibility of as much as possible across as many platforms as possible
• Eliminate high risk items and quick wins in the fastest time
Cons:
• Remediation before lockdown is limited to users with local home directories or clear policy violations
Application Lockdown Approach
Pros:
• Stops the bleed of unauthorized provisioning most effectively
• Highest degree of control over the remediation effort
Cons:
• Requires application team involvement
• Requires an effective communication process and project management for tracking
STANDARD GUIDANCE
• Single key pair per authorization
  • Within the same or a cross-application context, to ensure full accountability (ownership) and recertification.
  • A from= stanza (the authorized_keys source-address restriction) should be added to constrain this relationship.
• Single SSH key across multiple servers
  • Permissible within a single application and with the additional constraints of the from= stanza.
• Multi-server cross-application usage of a single key pair
  • Should be remediated, retiring such keys in favor of dedicated SSH keys for each interfacing application.
  • In the interim, a from= stanza should be added to constrain this relationship.
• Interactive user connections
  • Jump/PAM servers should be leveraged to access all Prod servers.
  • Direct access to any production server is not allowed.
  • Cross-communication between production and non-production environments is not allowed.
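As an added, constructed example (not code from this deck or from SSH Communications Security), the Python below audits an OpenSSH authorized_keys file for two items from the prioritization table (SSH1 keys, weak encryption) and for the from= source restriction the standard guidance asks for, then builds the constrained form of an unrestricted entry. The sample file, the fabricated key blobs and the 2048-bit RSA threshold are assumptions; `restrict` is the OpenSSH authorized_keys option (OpenSSH 7.2 and later) that disables forwarding and pty allocation for that key.

```python
"""Audit an OpenSSH authorized_keys file against the deck's policy items.

Constructed example, not SSH Communications Security code. Findings per entry:
  ssh1-key       legacy SSH1 (RSA1) format entry
  weak-crypto    ssh-dss key, or ssh-rsa modulus shorter than MIN_RSA_BITS
  unconstrained  no from= source restriction on the entry
constrain() builds the from=-restricted form of an entry, as the guidance asks.
"""
import base64
import re
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold

# options (may contain quoted strings), key type, base64 blob, optional comment
KEY_RE = re.compile(
    r'^(?:(?P<opts>[^\s"]+(?:"[^"]*"[^\s"]*)*)\s+)?'
    r'(?P<type>ssh-[a-z0-9]+|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)\s+'
    r'(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$'
)
# SSH1 public key line: "<bits> <exponent> <modulus> [comment]"
RSA1_RE = re.compile(r'^\d+\s+\d+\s+\d+(?:\s+(?P<comment>.*))?$')


def _ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length prefix."""
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a positive integer (leading 0x00 when the high bit is set)."""
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def rsa_pubkey_blob(e: int, n: int) -> str:
    """Encode an ssh-rsa public key blob (used only to build constructed samples)."""
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)).decode()


def rsa_modulus_bits(blob_b64: str) -> int:
    """Decode an ssh-rsa blob ("ssh-rsa", e, n) and return the modulus bit length."""
    data, pos, fields = base64.b64decode(blob_b64), 0, []
    while pos < len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        fields.append(data[pos + 4:pos + 4 + length])
        pos += 4 + length
    return int.from_bytes(fields[2], "big").bit_length()


# Constructed sample keys: the moduli are NOT real RSA moduli, just integers of the right size.
WEAK_RSA = rsa_pubkey_blob(65537, (1 << 1023) | 12345)    # 1024-bit
STRONG_RSA = rsa_pubkey_blob(65537, (1 << 3071) | 12345)  # 3072-bit

SAMPLE_AUTHORIZED_KEYS = f"""\
# constructed sample file; none of these keys are real
from="10.0.1.5",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGluYWxpZGtleQ== app1@batch01
ssh-rsa {STRONG_RSA} dba@jump01
ssh-rsa {WEAK_RSA} legacy-app@dev07
command="/usr/bin/backup.sh" ssh-dss AAAAB3NzaC1kc3MAAACBAP== backup@nas
1024 35 1234567890123456789012345678901234567890 ancient@host
"""


def audit(text: str) -> list:
    """Return (identity, finding) pairs for every policy violation in the file text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RSA1_RE.match(line)
        if m:
            findings.append((m.group("comment") or f"line {lineno}", "ssh1-key"))
            continue
        m = KEY_RE.match(line)
        if not m:
            findings.append((f"line {lineno}", "unparseable"))
            continue
        ident = m.group("comment") or f"line {lineno}"
        opts, ktype = m.group("opts") or "", m.group("type")
        if ktype == "ssh-dss" or (ktype == "ssh-rsa" and rsa_modulus_bits(m.group("blob")) < MIN_RSA_BITS):
            findings.append((ident, "weak-crypto"))
        if not re.search(r"(^|,)from=", opts):
            findings.append((ident, "unconstrained"))
    return findings


def constrain(line: str, sources: str) -> str:
    """Prepend from="<sources>",restrict to an entry that has no from= option yet."""
    m = KEY_RE.match(line.strip())
    if not m:
        raise ValueError("not an OpenSSH public key line")
    opts = m.group("opts") or ""
    if re.search(r"(^|,)from=", opts):
        return line.strip()
    new_opts = f'from="{sources}",restrict' + (f",{opts}" if opts else "")
    rest = f"{m.group('type')} {m.group('blob')}"
    if m.group("comment"):
        rest += " " + m.group("comment")
    return f"{new_opts} {rest}"


if __name__ == "__main__":
    for ident, finding in audit(SAMPLE_AUTHORIZED_KEYS):
        print(f"{finding:14} {ident}")
    print(constrain(f"ssh-rsa {STRONG_RSA} dba@jump01", "10.0.2.0/24"))
```

Run against a real file with `audit(open(path).read())`; the constrained line is only a proposal, since the correct from= sources for an app-to-app trust come from the monitored chain of trust, which is the point the deck makes about rotation without visibility.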
IDM INTEGRATION
[Diagram: IDM (source) and Key Manager (destination); labels: App Owner, HR User, SSH Owner, Business Owner, App Info, User Account, App & Policy Info, Key Data.]
Use cases:
1. Reconciliation of IDM and Key Manager (daily)
2. Account creation
3. Off-boarding – account deletion / ownership changes
4. Unauthorized key replacement and key expiration
5. Account revalidation
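An added example (not the deck's or the vendor's code) of what the daily reconciliation in use case 1 can decide for use cases 3 to 5 once the key inventory carries an IDM owner: the record types, statuses, the 365-day key age and the 90-day unused threshold are all assumptions, and the data is constructed.

```python
"""Daily reconciliation of an IDM user feed against an SSH key inventory.

Constructed example, not the deck's or SSH Communications Security's data model.
Each key gets one action: off-boarding (revoke, or transfer an app key to the
application's business owner), unauthorized key replacement, expiration of aged
keys, clean-up of unused keys, or routine revalidation.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class IdmUser:
    user_id: str
    status: str            # "active" or "terminated" (assumed IDM states)


@dataclass(frozen=True)
class Application:
    app_id: str
    business_owner: str    # IDM user_id accountable for the app's keys


@dataclass(frozen=True)
class KeyRecord:
    fingerprint: str
    owner: str             # IDM user_id of the accountable person
    app_id: Optional[str]  # set for automated (app-to-app) keys, None for interactive
    authorized: bool       # provisioned through the approved process?
    created: date
    last_used: Optional[date]


MAX_KEY_AGE_DAYS = 365     # assumed: "aged keys" are expired and re-provisioned
UNUSED_DAYS = 90           # assumed value for "keys unused for X period of time"


def reconcile(users, apps, keys, today):
    """Return {fingerprint: action} for every key in the inventory."""
    user_by_id = {u.user_id: u for u in users}
    app_by_id = {a.app_id: a for a in apps}
    actions = {}
    for k in keys:
        owner = user_by_id.get(k.owner)
        if owner is None:
            actions[k.fingerprint] = "orphaned: no IDM owner, assign owner or revoke"
        elif owner.status == "terminated":
            # an automated key outlives its human owner: move it to the app's business owner
            new_owner = app_by_id[k.app_id].business_owner if k.app_id in app_by_id else None
            if new_owner and new_owner in user_by_id and user_by_id[new_owner].status == "active":
                actions[k.fingerprint] = f"off-boarding: transfer ownership to {new_owner}"
            else:
                actions[k.fingerprint] = "off-boarding: revoke key"
        elif not k.authorized:
            actions[k.fingerprint] = "unauthorized: replace via provisioning process"
        elif (today - k.created).days > MAX_KEY_AGE_DAYS:
            actions[k.fingerprint] = "expired: rotate through provisioning process"
        elif k.last_used is None or (today - k.last_used).days > UNUSED_DAYS:
            actions[k.fingerprint] = f"unused > {UNUSED_DAYS} days: remove after owner confirmation"
        else:
            actions[k.fingerprint] = "ok: revalidate at next recertification"
    return actions


# Constructed sample data (fingerprints are placeholders, not real keys).
TODAY = date(2016, 2, 25)
USERS = [IdmUser("alice", "active"), IdmUser("bob", "terminated"), IdmUser("carol", "active")]
APPS = [Application("billing", "carol")]
KEYS = [
    KeyRecord("SHA256:k1", "alice", None, True, date(2015, 9, 1), date(2016, 2, 20)),
    KeyRecord("SHA256:k2", "bob", None, True, date(2015, 9, 1), date(2016, 2, 1)),
    KeyRecord("SHA256:k3", "bob", "billing", True, date(2015, 9, 1), date(2016, 2, 24)),
    KeyRecord("SHA256:k4", "alice", None, False, date(2016, 1, 10), date(2016, 2, 24)),
    KeyRecord("SHA256:k5", "carol", "billing", True, date(2014, 6, 1), date(2016, 2, 24)),
    KeyRecord("SHA256:k6", "carol", None, True, date(2015, 9, 1), date(2015, 10, 1)),
    KeyRecord("SHA256:k7", "dave", None, True, date(2015, 9, 1), None),
]


def run_sample():
    return reconcile(USERS, APPS, KEYS, TODAY)


if __name__ == "__main__":
    for fp, action in run_sample().items():
        print(fp, action)
```

The ordering of the checks matters: ownership and authorization are settled before age and usage, so a terminated user's key is never merely flagged as "unused", and an app key is transferred rather than revoked only when the business owner is still active in IDM.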
JUST THE TIP OF THE ICEBERG
National Institute of Standards & Technology
NIST-IR 7966 - Security of Interactive & Automated Access Management Using Secure Shell (SSH)
This publication is a public document & free of charge for all:
http://dx.doi.org/10.6028/NIST.IR.7966
THE LAST SESSION IN OUR MYTH CRACKER SERIES…
Join us for:
THE MYTH OF SSH KEY MANAGEMENT AS PART OF THE PRIVILEGED ACCESS MANAGEMENT PARADIGM
March 24, 2016
13.00 ET
The Myth of SSH Key Rotation Mythcracker Webcast Series Part 3

Editor's Notes

  • #3: Welcome to our Myth Crackers Series where we will be going over