Unmanaged, orphaned SSH keys remain a serious enterprise risk
There are many ways attackers can try to infiltrate an enterprise, but many times enterprises make it so easy that the attackers don’t have to try too hard. Consider the current state of orphan SSH (Secure Shell) keys and how these keys represent one of the biggest risks in the enterprise.
These keys are a cryptographic network protocol for operating network services and are used for system to system automation and authentication, application integration, system management and other common functions. Should an attacker get ahold of these keys, they could find it very easy to burrow their way deeper into the network.
To better understand the state of SSH security, or insecurity, in the enterprise, we turned to the inventor of SSH, Tatu Ylonen chief executive officer at SSH Communications Security, and author of US National Institute of Standards and Technology Internal Report 7966, Security of Interactive and Automated Access Management Using Secure Shell (SSH), and several Internet Engineering Task Force standards.