Some common cyber threats facing the retail industry include ransomware attacks, social engineering, system intrusions and insider threats. The retail sector is often targeted by cybercriminals
Secrets are non-human privileged credentials used by systems and applications to access services and IT resources containing highly sensitive information. One of the most common types of secrets organizations use is called an SSH key. Although SSH keys are secure from certain cyber attacks, they can be compromised due to secret sprawl and mismanagement. To securely manage SSH keys, organizations need to establish a centralized secrets-management system, enforce MFA, rotate SSH keys, implement least privilege, remove hardcoded SSH keys and regularly audit privileges.
Continue reading to learn more about SSH keys, SSH key management, best practices for SSH key management and how to manage SSH keys with Keeper.
What is an SSH key?
An SSH key is an access credential for the Secure Shell (SSH) protocol. The SSH protocol is used by machines to securely communicate with each other on a network.. Once authenticated, users of the machine can access the remote operating system, remotely transfer files and access resources on the network.
SSH keys are made up of two keys: a private key and a public key. The public key is stored in the server that the user is trying to connect to. The private key is stored on the user’s machine, known as the client. When the client wants to connect to the server, it requests to authenticate itself. The server will receive the request and send an encrypted string for the client to decrypt using the private key. Once the client has decrypted the string with the private key, they are given access to the server over a secure connection.
What is SSH key management and why is it important?
SSH key management refers to the process, policies and tools used to manage, secure and automate the entire SSH key lifecycle, from creation to deletion. This includes deploying keys to endpoints, launching remote sessions, rotating keys and periodically deleting keys that are no longer used. SSH keys need to be properly managed to secure access to an organization’s sensitive data. If unauthorized users get their hands on the private SSH key, they would have access to the organization’s network and could cause a data breach.
The SSH protocol encrypts traffic between the client and the server. SSH keys automate secure access to servers, avoiding the need to manually enter login credentials. This makes SSH keys unable to be stolen over transit and difficult to crack by brute force attacks. However, organizations can run into a problem known as secrets sprawl, in which the organization has so many secrets that they’re difficult to manage and keep track of. This can lead to secrets being misplaced and misused by unauthorized users. Once an unauthorized user has access to an organization’s network, they can gain higher privileges and steal the organization’s confidential data.
SSH key management best practices
SSH keys provide access to an organization’s network and sensitive data. Organizations need to properly manage SSH keys to ensure they do not fall into the hands of unauthorized users. Here are some of the best practices for SSH key management.
Establish centralized secrets management
Secrets management is the process of organizing, managing and securing IT infrastructure secrets. With secrets management, organizations can securely store, transmit and audit secrets to protect their sensitive information and ensure their operations are running properly. Without a centralized secrets management process, secrets like SSH keys can easily be mismanaged. Each user may manage their SSH keys differently, often leaving their private key in unencrypted locations such as hard coded within applications or files.
Organizations need to establish a centralized secrets management system to ensure that everyone is managing secrets properly. A centralized secrets management system helps organizations identify and audit all of their secrets, eliminating secrets sprawl and hardcoding of credentials. Organizations can properly store their secrets in an encrypted location such as a secrets manager.
Enforce MFA
Multi-Factor Authentication (MFA) is a security protocol that requires users to provide additional factors of authentication to gain access. Organizations should enforce MFA for users with access to SSH keys to add an extra layer of security to their network. When a user tries to connect their client machine to the server, they would be required to provide an additional form of authentication along with the private key such as a password or 2FA code.
Rotate SSH keys
SSH key rotation is the process of periodically deleting SSH keys and deploying fresh key pairs to prevent SSH key compromise and privilege abuse. Both public and private keys must be rotated. Rotating SSH keys ensures they have a limited lifespan and users have a limited amount of time using them. It ensures unauthorized users cannot use previous or forgotten SSH keys to access an organization’s network.
Implement the principle of least privilege access
Least privilege access is a cybersecurity concept that gives users and machines just enough access to an organization’s network of sensitive resources to do their jobs, and no more. Organizations need to implement least privilege to ensure that only authorized users have access to SSH keys. Least privilege access limits the number of users who can access SSH keys to only those who need them. It helps reduce an organization’s attack surface and prevent lateral movement within the network.
Remove hardcoded SSH keys
Organizations often leave their SSH keys in insecure locations, such as hardcoded in applications or files – in plaintext. This allows cybercriminals to exploit security vulnerabilities and use malware to steal the SSH key and gain unauthorized access to the organization’s network. Organizations need to remove hardcoded SSH keys and move them to an encrypted location such as a secrets manager.
Regularly audit privileges
To ensure that secrets management policies are being enforced, organizations need to regularly audit privileges. They need to ensure the right users have access to the SSH keys they need and remove any users who do not need access to them anymore. Regularly auditing privileges helps prevent privilege creep – when users have accumulated higher levels of access than they require. Privilege creep often leads to lateral movement by threat actors or misuse of privileges by insider threats.
Use Keeper® to manage your organization’s SSH keys
SSH keys provide access to an organization’s network of resources such as confidential data and systems. They need to be protected to prevent cybercriminals from breaching the organization. The best way to manage SSH keys is with a secrets management tool. A secrets management tool is a secure storage system for privileged credentials, SSH keys and other secrets used in IT infrastructure.
Keeper Secrets Manager® (KSM) is a zero-trust and zero-knowledge secrets management tool that allows you to manage all of your secrets in a centralized, encrypted location. With KSM, your organization can integrate secrets into your IT infrastructure, automate secrets rotation, manage access to secrets and remove hardcoded secrets.