Rawpixel - Fotolia
In this episode of SearchSecurity's Risk & Repeat podcast, SSH creator Tatu Ylonen talks about the SSH security issues facing enterprises today and how they should be addressed.
As the creator of SSH, Tatu Ylonen should probably be ecstatic that his invention has become so ubiquitous. But, these days, Ylonen is anything but happy, thanks to poor SSH security practices.
Ylonen, CEO of SSH Communications Security, created the SSH cryptographic network protocol in 1995 as a way to enable secure remote access to systems. However, over the last decade, Ylonen has grown concerned about the proliferation of -- and lack of management around -- SSH keys. Many organizations rely on SSH to secure their data centers, but, too often, security teams fail to properly track SSH keys and perform basic key management, he said, which puts crucial enterprise infrastructure at risk.
In addition, Ylonen said SSH has proliferated beyond servers and is used today in the firmware of wireless routers and other internet of things (IoT) devices. Because these devices are rarely, if ever, updated, attackers can exploit vulnerabilities and take control of these IoT devices to leverage them in distributed denial-of-service attacks and other malicious activities.
How can enterprises address these SSH security challenges? What types of attacks can be leveraged through exposed SSH keys? What can be done about insecure IoT devices that are vulnerable to compromise?
Ylonen recently spoke with SearchSecurity about these issues and more on the topic of SSH security. He also discussed how SSH use has evolved over the last decade, and what that means for both enterprises and technology vendors. Listen to the full interview with SSH creator Tatu Ylonen in the latest episode of SearchSecurity's Risk & Repeat podcast.
Risk & Repeat: Second Yahoo data breach discovered
Risk & Repeat: Avalanche crimeware as a service operation busted
Risk & Repeat: IoT botnets growing more sophisticated