ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH)



Similar documents
Security of Interactive and Automated Access Management Using Secure Shell (SSH)

TrustED Briefing Series:

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

System Business Continuity Classification

System Business Continuity Classification

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

HIPAA HITECH ACT Compliance, Review and Training Services

GUIDANCE FOR BUSINESS ASSOCIATES

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions

Cloud Services Frequently Asked Questions FAQ

2. When logging is used, which severity level indicates that a device is unusable?

VCU Payment Card Policy

Security Services. Service Description Version Effective Date: 07/01/2012. Purpose. Overview

Information Services Hosting Arrangements

Name. Description. Rationale

SaaS Listing CA Cloud Service Management

Session 9 : Information Security and Risk

Christchurch Polytechnic Institute of Technology Access Control Security Standard

The ADVANTAGE of Cloud Based Computing:

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

Personal Data Security Breach Management Policy

EA-POL-015 Enterprise Architecture - Encryption Policy

PENETRATION TEST OF THE FOOD COMPUTER NETWORK

Vulnerability Management:

Ensuring end-to-end protection of video integrity

Using PayPal Website Payments Pro UK with ProductCart

MaaS360 Cloud Extender

Monitor Important Windows Security Events using EventTracker

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

PROTIVITI FLASH REPORT

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

Wireless Light-Level Monitoring

UC4 AUTOMATED VIRTUALIZATION Intelligent Service Automation for Physical and Virtual Environments

CSC IT practix Recommendations

Presentation: The Demise of SAS 70 - What s Next?

Woodstock Multimedia, INC. Software/Hardware Usage Policy

Datasheet. PV4E Management Software Features

ACTIVITY MONITOR. Live view of remote desktops. You may easily have a look at any user s desktop.

This guide is intended for administrators, who want to install, configure, and manage SAP Lumira, server for BI Platform

In addition to assisting with the disaster planning process, it is hoped this document will also::

Protecting Point of Sale Devices from Targeted Attacks

ITIL Release Control & Validation (RCV) Certification Program - 5 Days

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Integrating With incontact dbprovider & Screen Pops

IT Account and Access Procedure

Security Standard for General Information Systems

Managing Access and Help Protect Corporate Data on Mobile Devices with Enterprise Mobile Suite

Installation Guide Marshal Reporting Console

Introduction to Mindjet MindManager Server

Password Reset for Remote Users

AML Internet Manor Court, Manor Farm House, London Road, Derby, Derbyshire, DE72 2GR. Tel: Fax:

Document Management Versioning Strategy

ScaleIO Security Configuration Guide

Service Level Agreement Distributed Hosting and Distributed Database Hosting

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Junos Pulse Instructions for Windows and Mac OS X

Chapter 7 Business Continuity and Risk Management

Adobe Sign. Enabling Single Sign-On with SAML Reference Guide

Symantec User Authentication Service Level Agreement

Comtrex Systems Corporation. CISP/PCI Implementation Guidance for Odyssey Suite

Serv-U Distributed Architecture Guide

Securely Managing Cryptographic Keys used within a Cloud Environment

Installation Guide Marshal Reporting Console

Security Information and Event Management Project

LINCOLNSHIRE POLICE Policy Document

Disk Redundancy (RAID)

Evaluation Report. 29 May Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA

Windows Intune Helps Microsoft Partners More Easily Deploy and Manage Office 365 Users and Devices

Help Desk Level Competencies

Key Steps for Organizations in Responding to Privacy Breaches

BACnet Field Panel Web Server with Application MC and Kiosk Mode Graphics

Introduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE Savision B.V. savision.com All rights reserved.

MANAGED VULNERABILITY SCANNING

expertise hp services valupack consulting description security review service for Linux

CPIT Aoraki ICT Asset and Media Security Standard

Flash Padlock. Self-Secured and Host-Independent USB Flash Drive White Paper. April 2007 Prepared by ClevX, LLC for Corsair Memory

Organisational self-migration guide an overview V1-5 April 2014

Team Leader, Cyber Threat Management

Remote Working (Policy & Procedure)

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

PCI - Why You Need to be Compliant When Accepting Credit Card Payments. Agenda. Breaches in the Headlines. Breach Events & Commonalities

Process Automation With VMware

State of Wisconsin. File Server Service Service Offering Definition

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

ROSS RepliWeb Operations Suite for SharePoint. SSL User Guide

Diagnosis and Troubleshooting

CNS-205: Citrix NetScaler 11 Essentials and Networking

RSA Authentication Manager 5.2 and 6.1 Security Best Practices Guide. Version5

Appendix A Page 1 of 5 DATABASE TECHNICAL REQUIREMENTS AND PRICING INFORMATION. Welcome Baby and Select Home Visitation Programs Database

GUIDELINES FOR SECURING SOCIAL MEDIA ACCOUNTS. Version 1.0

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

Microsoft Certified Database Administrator (MCDBA)

CUSTOMER Information Security Audit Report

Transcription:

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) Murugiah Suppaya, Karen Scarfne, 1 and Larry Feldman, 2 Editrs Cmputer Security Divisin Infrmatin Technlgy Labratry Natinal Institute f Standards and Technlgy U.S. Department f Cmmerce Intrductin ITL has released an imprtant new guidance dcument n access management: NIST Internal Reprt (NISTIR) 7966, Security f Interactive and Autmated Access Management Using Secure Shell (SSH). The SSH prtcl prvides a way t authenticate the identity f users and hsts befre allwing them t execute cmmands n ther hsts in either an interactive r an autmated fashin. This access is necessary fr many purpses, including file transfers, disaster recvery, privileged access management, sftware and patch management, and dynamic clud prvisining. Unfrtunately, the security f SSH key-based access is ften verlked by rganizatins, and misuse r cmprmise f SSH keys culd lead t unauthrized access, ften with high privileges. Therefre, rganizatins need t imprve their management f SSH user keys, including key prvisining, terminatin, and mnitring. This publicatin prvides the basics f SSH interactive and autmated access management, fcusing n explaining hw rganizatins shuld manage their SSH keys. SSH Client Authenticatin Methds SSH client authenticatin refers t the authenticatin f interactive users (administratrs and ther human users) and autmated prcesses perating thrugh SSH clients. Each user r prcess authenticates t a particular accunt n the hst running the SSH server. The SSH prtcl supprts several methds fr client authenticatin, including passwrds, hst-based authenticatin, Kerbers, and public key authenticatin, and ne r mre f these methds can be enabled n each SSH server. NISTIR 7966 discusses each methd in detail, describing the prs and cns f each in terms f security and flexibility. Organizatins shuld carefully evaluate and select the client authenticatin methd r methds that are acceptable fr use, and disable the use f all ther methds. NISTIR 7966 recmmends the use f public key authenticatin fr autmated prcesses. Public key authenticatin uses SSH user keys r certificates, typically user keys, t authenticate a cnnectin. This authenticatin methd ffers a cmbinatin f security features that the ther methds d nt prvide, making it particularly well suited fr autmated prcesses. Examples f these features include cmmand 1 Karen Scarfne is a Guest Researcher frm Scarfne Cybersecurity. 2 Larry Feldman is a Guest Researcher frm G2, Inc. 1

restrictins, which limit what can be dne n the server, and surce restrictins, which limit which Internet Prtcl addresses can establish cnnectins with the server. Public key authenticatin is als recmmended fr interactive users, with smartcard-based slutins being preferred because f their superir security characteristics. The smartcard is used t stre and prtect the user s identity key. An alternative is t keep the identity key in a passwrd-prtected file n the client device. The passwrd is used t decrypt the key, s the strength f the passwrd has a majr impact n the security f the key and the SSH access t ther hsts that it enables. Vulnerabilities in SSH-Based Access SSH is widely used t manage servers, ruters, firewalls, security appliances, and ther devices thrugh accunts with elevated privileges. This makes SSH keys a particularly attractive target fr attackers. Unfrtunately, many rganizatins are nt aware f the vulnerabilities inherent in SSH use if prper prvisining, terminatin, and mnitring prcesses are nt perfrmed, especially when the SSH use includes autmated access. NISTIR 7966 describes seven majr categries f vulnerabilities: Vulnerable SSH implementatin. The SSH client r server implementatin culd have explitable vulnerabilities, including sftware flaws, cnfiguratin weaknesses, and SSH prtcl weaknesses. Imprperly cnfigured access cntrls. The SSH sftware r cmpnents that the SSH sftware integrates with may nt be cnfigured crrectly, which culd allw unauthrized access t privileged accunts, unauthrized elevatin f privileges fr standard accunts, and ther unintended access. Stlen, leaked, derived, and unterminated keys. Anyne wh has acquired access t an SSH identity key, such as by having malware harvest keys frm an rganizatin s laptps r using an ld key that shuld have been terminated, may be able t use that key t gain unauthrized access t ne r mre f an rganizatin s systems. Backdr keys. Organizatins ften mandate use f a privileged access management system fr all privileged access t their servers. Hwever, SSH public key authenticatin can be used t create a backdr. It can be dne by generating a new key pair and adding a new authrized key t an authrized keys file that circumvents the privileged access management system and its mnitring and auditing capabilities. Unintended usage. Users may use SSH identity keys fr unintended purpses, such as tunneling traffic instead f perfrming autmated file transfers. This usage intentinal r unintentinal culd cause activity t be hidden frm netwrk security cntrls. Pivting. Pivting is the prcess f an attacker traversing an rganizatin s systems by repeatedly mving frm ne server t anther, ften using credentials acquired frm servers 2

alng the way. When autmated SSH access is allwed, malware n a client system may be able t steal an SSH key and use it t gain access t a server, where it steals mre keys and uses them t gain access t ther servers. Lack f knwledge and human errrs. SSH management is cmplex, making it mre prne t errrs, and many administratrs have insufficient knwledge f secure SSH cnfiguratin and management practices. A single mistake culd prvide privileged access t unauthrized users and g undetected fr years. Recmmended Practices fr Securing SSH Access Effectively securing SSH access cnsists f defining clear plicies and prcedures, and implementing management, peratinal, and technical security cntrl prcesses supprting these plicies and prcedures. The rganizatin shuld address nt nly the security f already-deplyed SSH systems, privileges, and user keys, but als the security f new SSH systems and user keys. Examples f practices that shuld be addressed in an rganizatin s plicies and prcedures include the fllwing: Only enable SSH server functinality n systems where it is abslutely required; Keep SSH server and client implementatins fully up t date n all systems; Harden all SSH server and client implementatins; Enfrce least privileged access fr all SSH-accessible accunts; Ensure that all SSH user keys (identity and authrized keys) meet minimum requirements, including the fllwing: Use f an apprved algrithm and sufficiently lng key with an acceptable maximum cryptperid (lifetime); Access cntrls fr bth identity and authrized keys; and Specificatin f cmmand and surce restrictins fr authrized keys used fr autmated prcesses. Prvisining and cnfiguring SSH access t an accunt shuld balance the need fr access against the risks and shuld include cnsideratin f the level f access required. Organizatins shuld fllw a cntrlled prvisining and life cycle prcess. The initial phases f this prcess are: the Request phase, where smene submits a frmal request fr establishing SSH access; the Apprval phase, where change cntrl prcesses are used t review and apprve r deny the request; and the Prvisining phase, where the apprved request is implemented by deplying SSH sftware and generating and deplying keys. Once the keys are available fr use, there is an extended Usage Lgging phase, during which all use f the keys is recrded in lgs fr cntinuus mnitring, auditing, and frensic purpses. Peridically, the rganizatin shuld review and reauthrize each instance f SSH key-based access. When a system r applicatin is decmmissined, an applicatin n lnger needs t be administered 3

remtely, r anther change ccurs that eliminates the need fr SSH usage, the crrespnding SSH access shuld be terminated. Remediatin and Autmatin Remediating weaknesses in existing SSH implementatins and keys can be a daunting task. Many rganizatins have thusands f untracked SSH keys granting access acrss a large number f missincritical systems. Existing legacy keys pse a substantial security risk. An inventry f the lcatin f all existing keys and an inventry f trust relatinships invlving these keys shuld be created and evaluated against defined plicies. All issues shuld be crrected ver time thrugh key replacement/rtatin r terminatin, cmmand and surce restrictin implementatin, mandatry identity key authenticatin, and ther means. Remediatin f existing SSH weaknesses and preventin f new SSH weaknesses can bth be significantly imprved by autmating prcesses. Fr example, manually discvering and inventrying all SSH identity and authrized keys, then mapping all the trust relatinships, is practically impssible; autmatin is essentially a requirement. The use f autmatin is als strngly recmmended fr prvisining purpses, where a single request culd affect keys n thusands f hsts. Autmatin fr prvisining eliminates manual steps, reduces privileged administrative access, reduces r eliminates cnfiguratin errrs, and tracks all changes fr use in future audits and in cntinuus mnitring. Cnclusin NISTIR 7966 explains the vulnerabilities assciated with pr management f interactive and autmated SSH access, as well as the ptential impact f misuse r cmprmise f SSH keys used fr client authenticatin. SSH access management is ften ad hc, lacking plicies and requirements, and lacking standardized prcesses and autmated tls. Planning and implementing sund management f SSH keys shuld be addressed in a phased apprach fllwing a clear step-by-step prcess. An example f the phases is identifying needs, designing the slutin, implementing and testing a prttype, deplying the slutin, and managing the slutin. SSH key management shuld be as autmated as pssible. Managing the slutin invlves general security activities, such as maintaining and enfrcing the plicies, testing and applying patches, perfrming cntinuus mnitring t identify peratinal and security issues, and cnducting regular vulnerability assessments. It als invlves several activities particular t SSH access, including perfrming SSH key management duties and adapting the SSH plicies as requirements change (such as switching t a strnger encryptin algrithm r a lnger minimum key size). Organizatins that acquire and use autmated SSH key management prducts shuld be able t significantly decrease their risks related t SSH access with a reasnable amunt f effrt. Withut autmatin, mst rganizatins will struggle t remediate the existing SSH envirnment and t prperly secure new SSH usage. Finally, NISTIR 7966 prvides the fllwing lists t assist rganizatins in implementing SSH security measures: 4

NIST Special Publicatin (SP) 800-53 Revisin 4 security cntrls that are mst pertinent fr securing SSH-based interactive and autmated access management; Selected Cybersecurity Framewrk subcategries with their implicatins t SSH-based interactive and autmated access management; and Criteria fr selecting SSH key management tls. ITL Bulletin Publisher: Elizabeth B. Lennn Infrmatin Technlgy Labratry Natinal Institute f Standards and Technlgy elizabeth.lennn@nist.gv Disclaimer: Any mentin f cmmercial prducts r reference t cmmercial rganizatins is fr infrmatin nly; it des nt imply recmmendatin r endrsement by NIST nr des it imply that the prducts mentined are necessarily the best available fr the purpse. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information