Secure Shell’s popularity among system administrators, application developers and network engineers, with its support for automated processes within both traditional data center and cloud environments, makes it a juicy target for hackers. Enabled on countless devices, servers and accounts, it is powerful – especially since many IT shops don’t implement sufficient controls over its use.
This presentation shows how hackers and insiders take advantage of unmanaged, unmonitored deployments of Secure Shell keys to compromise data confidentiality, availability and integrity.
The presenter will utilize a demonstration data center with a typical deployment of servers, routers and firewalls. Using commands from his workstation, he will show and explain how Secure Shell can be used to compromise a server environment, such as leapfrogging from server to server, bypassing security and monitoring controls, creating unauthorized connections to external networks and exfiltrating data without a trace.
This presentation shows how a lack of central management and control over the use of Secure Shell creates big security exposures across the server estate.
Secure Shell’s popularity among system administrators, application developers and network engineers with its support for automated processes within both traditional data center and cloud environments makes it a juicy target for hackers. Enabled on countless devices, servers and accounts, it is both ubiquitous and powerful, allowing system administrators to get their job done and businesses to focus on creating value. Secure Shell is growing all the more popular with the advent of cloud services, virtualization and containerized computing – all managed with the trusted protocol. But as a specialist tool, many IT departments don’t implement sufficient controls over its use.
The company I work for, SSH Communications Security, is the inventor of the Secure Shell protocol, with two decades’ worth of experience in securing and managing SSH keys. In my talk at Infosecurity Europe, I’ll share some insights into what we have learned from consulting for customers ranging from IT infrastructure vendors to financial institutions.
Typically, what we find in large SSH infrastructure deployments that have been developed over time – often as a result of different generations of IT operations, mergers etc. – is a loss of visibility into who (or what) has access to what. This is very likely a violation of compliance rules. PCI, SOX, NIST and other relevant standards are there for a reason, forming a robust framework of guidelines on IT infrastructure and process design with security and business continuity in mind.
In my talk I will demonstrate tangibly how an attacker or malicious insider can exploit this lack of visibility, circumventing essentially all of the controls thought to be in place, by using the very same tools used for normal system maintenance. Thanks to the nature of the encrypted, privileged access, the attacker can then move freely in and out of the system, gain access to yet more resources in the data center and exfiltrate data without getting caught.
Hackers are widely taking advantage of the methods described here; in fact, it’s the most common technique. By getting hold of user keys or tokens, hackers can move in and take over entire networks, as is the case in 95% of successful attacks according to a recent data breach report from Verizon. In my talk, I’ll illustrate how hackers can turn your security against you in a few relatively simple steps. I will also describe how to get out of the situation, be better equipped to recover from successful breaches, and avoid being liable by being compliant with relevant standards.
I won’t promise your network will never be breached again, but setting up the right checks and balances will enable detection and stop data loss. Human factors remain the main source of successful breaches, but following the correct design principles will minimize the business risk and downtime caused by attacks and let organizations focus on taking their business forward.
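As an added example (not code from the talk or from SSH Communications Security), the Python script below is one such check: it reads per-account authorized_keys files, maps each key fingerprint to the accounts it opens, and flags keys that carry no from= source restriction or that open more than one account. The inventory and key blobs are a constructed sample.

```python
import base64, hashlib, shlex
from collections import defaultdict
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"} | {f"ecdsa-sha2-nistp{n}" for n in (256, 384, 521)}

# Constructed sample, account -> authorized_keys text; blobs are fake base64, not real keys.
INVENTORY = {
    "root": 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtleW9uZQ== alice@laptop\n'
            '# backup job: pinned to one source host and one command\n'
            'command="/usr/local/bin/backup --daily",from="10.0.0.5",no-pty '
            'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtleXR3bw== backup@host\n',
    "deploy": 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtleW9uZQ== alice@laptop\n'
              'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC1a2V5dGhyZWU= legacy\n',
}

def parse_line(line):
    """Return (options, keytype, blob), or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:                      # shlex keeps command="a b" style quoted values in one token
        tokens = shlex.split(line)
    except ValueError:        # stray quote in a free-text comment field
        tokens = line.split()
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES and i + 1 < len(tokens):
            return ",".join(tokens[:i]), tok, tokens[i + 1]
    return None

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint, as printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(inventory):
    """Map each fingerprint to the accounts it opens; flag unrestricted and shared keys."""
    key_map, entries = defaultdict(set), []
    for account, text in inventory.items():
        for options, _ktype, blob in filter(None, map(parse_line, text.splitlines())):
            fp = fingerprint(blob)
            key_map[fp].add(account)
            entries.append((account, fp, options))
    findings = []
    for account, fp, options in entries:
        if "from=" not in options:
            findings.append((account, fp, "no from= source restriction"))
        others = sorted(key_map[fp] - {account})
        if others:
            findings.append((account, fp, "same key also opens " + ",".join(others)))
    return {fp: sorted(a) for fp, a in key_map.items()}, findings
```

On a real estate the inventory would be collected from every host's AuthorizedKeysFile locations, and the fingerprints correlated with sshd's "Accepted publickey" log lines to see which keys are actually in use.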
This will be my third Infosecurity Europe conference and I’m really looking forward to meeting all the great colleagues, exchanging ideas and hearing about the latest events! I’ll be there the entire time, so feel free to grab me or come by our booth at D83.
Not registered for Infosecurity Europe 2015 yet?