Author Box
Articles Categories
All Categories
Articles Resources

The Risks To You And Your Organisation Of Not Using An SSH Key Manager For Your User Keys

April 19, 2012 | Comments: 0 | Views: 198

Organisations large and small may have multiple servers and maybe tens of thousands of data users who have access to one of their company's most valuable assets - their data. Typically data users - not even necessarily the human kind - are issued with authentication keys and a pair is produced - a public/private pair for authentication and supposed safe access to the information but there are serious risks which mean that the management of those keys is vital to make sure the information doesn't fall into the wrong hands. Here are the main risks that can be addressed by the new SSH Key Manager.

Unauthorised Copies of Private Keys.

Any administrator who has access to a user account is technically able to make a copy of any private key stored in that account.This could be any user who can thereafter log into the client account and may have made a copy. Such copies are just as effective for public key authentication as the original keys as long as the public keys remain authorised by the servers.

Lack of Key Rotation.

Changing keys is currently too costly and difficult in practice. As a result, many of the private keys in the environment could be years old and any numbers of parties such as administrators, contractors, employees and consultants could still have access and it would be impossible to track them down.

Lack of Visibility of Who has Access to What.

Typically most organisations don't know which users have access to which servers and data. Automated data transfer means that data could easily be flowing to users who shouldn't have access to it. It's important to know that who has access to what sort of data and to manage those security levels.

Lack of Visibility of Trust Relationships Cross Production or Functional Boundaries.

Many organisations have policies stating that file transfers or application to application connections should not occur between their production networks and development networks. Firewalls can be used to help with this but they do not have visibility of the user accounts used within encrypted sessions, so cannot see inside the encryption so there is no visibility of whether there are trust relationships crossing the boundary.

Lack of Visibility of Trust Relationships Crossing Organisational Boundaries.

Many organisations outsource some or all of their IT to external providers. Often those providers administer the servers and thus have access to the network from its premises. Such access is usually implemented using the SSH protocol. Many of these organisations cannot see whether the trust relationships for passwordless authentication exist between their provider and themselves. This can expose the organisation to rogue service provider's personnel and even systematic data leaks.

Inability to Audit Existing Trust Relationships.

Lack of visibility of existing user authentication keys also means that it is not possible to audit them. For most, it's not possible to audit the following:

Regular renewals of private keys, nil-use of private key, length of use of private key, who has access to what data, which servers, hosts or applications, who can create new accounts and the level of trust relationship, ex employees or contractors who might be accessing the system, adjustment of account access dependent on their role or seniority, unauthorised data transfer.

The Quantity of Individuals Who Can Create Permanent Trust Relationships.

When trust relationships are set up manually by individual administrators, there's no control over what trust relationships are set up and whether they are properly documented and approved. Large enterprises might have a very large number of people and the more people there are and trust relationships. The higher the number there is, the greater the risk.

Human Errors in Manual Key Set up and Removal Process.

The process of setting up a password-less trust relationship involves creating a key pair by copying the generated key. It's actually a long and complicated process fraught with possibilities for human errors which can be overcome by such as the SSH key manager:

  • Accidental deletion other identity keys
  • Copying the wrong public key
  • Copying to the wrong host or account
  • Forgetting to copy to some servers.

HANDD Business Solutions Ltd are specialists and consultants in data-centric security solutions. They provide consultancy and advice on Data Classification, Managed and secure file transfer and SSH User Key Management. They have offices or representation in the UK, Mainland Europe, Middle East, Asia Pacific and the US. They sell and distribute software on behalf of Titus, Varonis, Ipswitch, GlobalSCAPE, Linoma, SSH, Attachmate and South River Technologies.

Helen Adams is the Marketing Manager at HANDD Business Solutions. Tel 0845 643 4063 email

Source: EzineArticles
Was this Helpful ?

Rate this Article

Article Tags:

Ssh Key Manager


Authentication Keys


Ssh Key Management


Secure File Transfer




Trust Relationship

In India, employment opportunities are set to grow by a good margin in the coming year, a phase which was started in the turn of the second decade of the 21st century. organisation, candidates with

By: Sarkariexam l Business > Careers Employment l April 01, 2013 lViews: 11708

Sometimes it is amazing to see that certain jobs can precipitate huge turnouts in the recruitment drives. It is as if thousands of people were waiting for the vacancy advertisements and the moment

By: Sarkariexam l Business > Careers Employment l December 30, 2012 lViews: 690

In recent times, jobs in healthcare segments have grown tremendously. It is anticipated that this growth curve will continue for the times to come. Various factors are responsible for this

By: Sarkariexam l Business > Career Advice l December 27, 2012 lViews: 446

Are you in a dilemma whether to choose web based CRM or not? If yes, don’t worry. You aren’t the sole person having this doubt.There are numerous firms trying to make out whether investing in a

By: Reneta Vasileva l Business > Customer Service l December 23, 2012 lViews: 409

If you think about it you will realize the fact that each business has its own set of risks that are involved in it.The trade secrets that you have and the information related to the business is what

By: brumbrum1 l Business > Risk Management l December 23, 2012 lViews: 263

As the time is changing, concierge management services are now growing despite the slowing economies of the world. The main reason of it is the need that is highly specific to the people who like to

By: willsmith10 l Business > Management l December 23, 2012 lViews: 333

If you think about it you will realize the fact that each business has its own set of risks that are involved in it.The trade secrets that you have and the information related to the business is what

By: brumbrum1l Business > Risk Managementl December 23, 2012 lViews: 263

Culture is the single most defining factor in any organization, not only to effectively implement any number of important corporate strategies, but in order to achieve an overall health and success

By: Charles Scott Coxl Business > Risk Managementl July 27, 2012 lViews: 271

Some say it takes brilliance to solve problems, and that may be so. The same folks will tell us that it takes a genius to not have the problem in the first place. Nevertheless, generally speaking

By: Lance Winslowl Business > Risk Managementl July 24, 2012 lViews: 238

A well-defined agreement is needed when establishing a reciprocity relationship between stakeholders. These agreements should define the roles, responsibilities and needed efficiencies of the

By: James E Fogartyl Business > Risk Managementl July 24, 2012 lViews: 198

The legislation regarding food safety measures is getting harsher every day. Anyway, this is not something to complain about considering that when it comes to food people's lives are involved. Quite

By: Tom Chicconel Business > Risk Managementl July 23, 2012 lViews: 210

Decision making can be regarded as the processes of selecting one or more choices. A critical ability for successful decision making is to correctly weigh the criteria in terms of relative importance

By: Anthony Comerfordl Business > Risk Managementl July 22, 2012 lViews: 182

Discuss this Article

comments powered by Disqus