
More on the security concerns for SSH and Key Management

We've blogged previously about the potential compliance issues around SSH keys and about the risks of poor SSH key management. A recent Forrester survey (PDF warning!) revealed:

  • 36% of enterprises do not scan for unauthorized keys.
  • 47% of IT professionals reported dealing with a security incident due to compromised or misused keys.
  • Keys are rarely rotated.
  • 40% of enterprises rely on sys admins to detect a rogue SSH key.

You could purchase software to help you manage keys (as the sponsors of that survey no doubt recommend), but you would essentially be setting up a second user database instead of relying on your existing directory infrastructure. By using PAM-RADIUS and a one-time password, you can have two-factor authentication tied into your AD. Rogue keys would cease to be an issue.
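
OpenSSH does not run the PAM auth stack for public-key logins, so the OTP only neutralizes rogue keys if sshd cannot be satisfied by a key alone. The check below is an added example, not code from this post; it assumes OpenSSH `sshd_config` keywords and the `pam_radius_auth.so` module, and the function names and sample configurations are constructed for illustration.

```python
# Upstream OpenSSH defaults for the keywords this check reads.
DEFAULTS = {"usepam": "no", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "authenticationmethods": "any"}
# Older configs use the deprecated name for keyboard-interactive.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(sshd_text):
    """Effective global settings; sshd keeps the first value it reads."""
    seen = {}
    for raw in sshd_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks are outside this check
            break
        seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **seen}

def audit(sshd_text, pam_text):
    """List settings that would let a login skip the RADIUS OTP step."""
    cfg, findings = parse_global(sshd_text), []
    if cfg["pubkeyauthentication"] != "no":
        lists = cfg["authenticationmethods"].split()
        if lists == ["any"] or any(
                all(m.split(":")[0] == "publickey" for m in one.split(","))
                for one in lists):
            findings.append("a key alone satisfies sshd")
    if cfg["usepam"] != "yes":
        findings.append("UsePAM is not enabled")
    if cfg["kbdinteractiveauthentication"] != "yes":
        findings.append("keyboard-interactive is disabled")
    pam = [l.split() for l in pam_text.splitlines()
           if l.strip() and not l.lstrip().startswith("#")]
    if not any(f[0].lstrip("-") == "auth" and
               any(x.endswith("pam_radius_auth.so") for x in f) for f in pam):
        findings.append("no pam_radius_auth.so auth line in the PAM stack")
    return findings

# Constructed sample input, not taken from a real host.
PAM_SSHD = "auth required pam_radius_auth.so\naccount required pam_permit.so\n"
KEYS_STILL_WORK = "UsePAM yes\nPubkeyAuthentication yes\n"
OTP_ONLY = "UsePAM yes\nPubkeyAuthentication no\nKbdInteractiveAuthentication yes\n"
KEY_PLUS_OTP = "UsePAM yes\nAuthenticationMethods publickey,keyboard-interactive\n"

if __name__ == "__main__":
    for name in ("KEYS_STILL_WORK", "OTP_ONLY", "KEY_PLUS_OTP"):
        print(name, audit(globals()[name], PAM_SSHD))
```

An empty result means every login path in the global section goes through the OTP; `Match` blocks can override these settings and need a separate review.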
