Six reasons to take control of your orphaned encryption keys
A close analysis of the cybersecurity attacks of the past shows that, in most cases, the head of the cyber kill chain is formed by some kind of privilege abuse. In fact, Forrester estimates that compromised privileged credentials play a role in at least 80% of data breaches. This is the reason Privileged Access Management (PAM) has gained so much attention over the past few years. With securing and managing access to business-critical systems at its core, PAM aims to provide enterprises with a centralized, automated mechanism to regulate access to super-user accounts. PAM solutions ideally do this by facilitating end-to-end management of the privileged identities that grant access to these accounts.
However, the scope of privileged access security is often misconceived and restricted to securing and managing root account passwords alone. Passwords, beyond a doubt, are noteworthy privileged access credentials. But the constant evolution of technology and expanding cybersecurity perimeter calls for enterprises to take a closer look at the other avenues of privileged access, especially encryption keys—which despite serving as access credentials for huge volumes of privileged accounts, are often ignored.
This article lays focus on the importance encryption key management—why enforcing SSH key and SSL certificate management is vital, and how by doing so, you can effectively bridge the gaps in your enterprise privileged access security strategy.
1. Uncontrolled numbers of SSH keys trigger trust-based attacks
The average organization houses over 23,000 keys and certificates many of which grant sweeping access to root accounts, says a Ponemon survey. Also, a recent report about the Impact of Unsecured Digital Identities states that 71% of the respondents did not have any idea about the number of keys or the extent of their access within the organization. Without a centralised key management approach, anybody in the network can create or duplicate any number of keys. These keys are often randomly generated as needed and are soon forgotten once the task they are associated with is done. Malicious insiders can take advantage of this massive ocean of orphaned SSH keys to impersonate admins, hide comfortably using encryption, and take complete control of target systems.
2. Static keys create permanent backdoors
Enterprises should periodically rotate their SSH keys to avoid privilege abuse, but huge volumes of unmanaged SSH keys make key rotation an intimidating task for IT administrators. Moreover, due to a lack of proper visibility on which keys can access what, there is widespread apprehension about rotating keys in fear of accidentally blocking access to critical systems. This leads to a surge of static SSH keys, which have the potential to function as permanent backdoors.
3. Unintentional key duplication increases the chance of privilege abuse
For the sake of efficiency, SSH keys are often duplicated and circulated among various employees in an organization. Such unintended key duplication creates a many-to-many key-user relationship, which highly increases the possibility of privilege abuse. This also makes remediation a challenge since administrators have to spend a good amount of time revoking keys to untangle the existing relationships before creating and deploying fresh, dedicated key pairs.
4. Failed SSL certificate renewals hurt your brand’s credibility
SSL certificates, unlike keys, have a set expiration date. Failing to renew SSL certificates on time can have huge implications on website owners as well as end users. Browsers don’t trust websites with expired SSL certificates; they throw security error messages when end users try to access such sites. One expired SSL certificate can drive away potential customers in an instant, or worse, lead to personal data theft for site visitors.
5. Improper SSL implementations put businesses at risk
Many businesses rely completely on SSL for internet security, but they often don't realize that a mere implementation of SSL in their network is not enough to eliminate security threats. SSL certificates need to be thoroughly examined for configuration vulnerabilities after they are installed. When ignored, these vulnerabilities act as security loopholes which cybercriminals exploit to manipulate SSL traffic and launch Man-in-the-Middle (MITM) attacks.
6. Weak certificate signatures go unheeded
The degree of security provided by any SSL certificate depends on the strength of the hashing algorithm used to sign the certificate. Weak certificate signatures make them vulnerable to collision attacks. Cybercriminals exploit such vulnerabilities to launch MITM attacks and eavesdrop on communication between users and web servers. Organizations need to isolate certificates that bear weak signatures and replace them with fresh certificates containing stronger signatures.
Bridging the gaps in your PAM strategy
All the above scenarios highlight how important it is to widen the scope of your privileged access security strategy beyond password management. Even with an unyielding password manager in place, cybercriminals have plenty of room to circumvent security controls and gain access to superuser accounts by exploiting various unmanaged authentication identities, including SSH keys and SSL certificates. Discovering and bringing all such identities that are capable of granting privileged access under one roof is one important step enterprises should take to bridge gaps in their privileged access security strategy. For, today's unaccounted authentication identities could become tomorrow's stolen privileged credentials!
The author is Product Consultant, ManageEngine