
More on the security concerns for SSH and Key Management


We've blogged previously about the potential compliance issues around SSH keys and about the risks of poor SSH key management. A recent Forrester survey (PDF warning!) revealed:

  • 36% of enterprises do not scan for unauthorized keys.
  • 47% of IT professionals reported dealing with a security incident due to compromised or misused keys.
  • Keys are rarely rotated.
  • 40% of enterprises rely on sys admins to detect a rogue SSH key.

You could purchase software to help you manage keys (as the sponsors of that survey no doubt recommend), but you would essentially be setting up a second user database instead of relying on your existing directory infrastructure. By using PAM-RADIUS and a one-time password, you can have two-factor authentication tied into your AD. Rogue keys would cease to be an issue.
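Rogue keys only stop mattering once sshd no longer accepts public keys and actually consults the RADIUS-backed PAM stack. The audit below is an added example, not code from this blog or from any product. The function names are hypothetical, it reads only the global section of `sshd_config` plus the text of `/etc/pam.d/sshd`, and it assumes the OTP prompt is delivered over keyboard-interactive authentication.

```python
# Audit sketch (added example): global sshd_config section + /etc/pam.d/sshd text.
DEFAULTS = {"pubkeyauthentication": "yes", "usepam": "no",       # upstream OpenSSH
            "kbdinteractiveauthentication": "yes"}               # defaults
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global(sshd_config):
    """Global settings (sshd uses the first value it sees) and a Match-block flag."""
    cfg, explicit = dict(DEFAULTS), set()
    for raw in sshd_config.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            return cfg, True          # everything below is conditional
        if key in DEFAULTS and key not in explicit and len(parts) == 2:
            cfg[key] = parts[1].strip().strip('"').lower()
            explicit.add(key)
    return cfg, False

def pam_uses_radius(pam_sshd):
    """True if an active auth line in the PAM stack loads pam_radius_auth.so."""
    for raw in pam_sshd.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 3 and f[0].lstrip("-") == "auth" and \
                any(x.endswith("pam_radius_auth.so") for x in f[2:]):
            return True
    return False

def audit(sshd_config, pam_sshd):
    cfg, has_match = effective_global(sshd_config)
    findings = []
    if cfg["pubkeyauthentication"] != "no":
        findings.append("pubkey-enabled")      # authorized_keys entries still log in
    if cfg["usepam"] != "yes":
        findings.append("pam-disabled")        # sshd never consults the PAM stack
    if cfg["kbdinteractiveauthentication"] != "yes":
        findings.append("no-kbd-interactive")  # assumed channel for the OTP prompt
    if not pam_uses_radius(pam_sshd):
        findings.append("no-pam-radius")
    if has_match:
        findings.append("match-blocks-need-review")
    return findings

# Constructed sample inputs, not taken from any real host.
DEFAULT_LIKE = "UsePAM yes\n#PubkeyAuthentication no\n"
OTP_ONLY = "PubkeyAuthentication no\nPubkeyAuthentication yes\nUsePAM yes\n"
PAM_RADIUS = "auth required pam_radius_auth.so\naccount required pam_unix.so\n"
PAM_LOCAL = "#auth required pam_radius_auth.so\nauth required pam_unix.so\n"

if __name__ == "__main__":
    print(audit(DEFAULT_LIKE, PAM_LOCAL), audit(OTP_ONLY, PAM_RADIUS))
```

A commented-out `PubkeyAuthentication no` leaves the default of `yes` in force, which is why the first sample is still flagged.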
