Reforming secure shell key management: A primer for local governments (with related video)
Since its inception, the secure shell (SSH) data-in-transit protocol has been used by every type and size of government to secure data as it moves throughout the network environment. Secure shell has safeguarded billions of government data transactions without being compromised. But while the protocol itself is highly secure, today’s rapidly evolving threatscape is forcing governments to reconsider how to manage their secure shell environments.
Local governments use secure shell most often to transfer substantial amounts of sensitive information within the network environment, including personally identifiable information, healthcare records, credit card numbers and other sensitive information often found in government files.
With the increase in advanced threat vectors, it is more imperative than ever that local governments implement proper secure shell key management protocols. The more governments deviate from a best practices approach to secure shell key management, the higher the risk is to the network and its users.
Best practices for properly managing secure shell environments include:
• Automating key setups and key removals, thereby eliminating manual work and human errors,
• Discovering all existing users and public and private keys, and mapping trust between machines and users,
• Enforcing proper approvals for all key setups,
• Monitoring the environment to determine which keys are actually used and removing keys no longer in use,
• Restricting where each key has access and what commands can be executed using the key, and
• Rotating keys regularly, so that copied keys cease to work and proper termination of access can be ensured.
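The discovery and restriction items above can be checked against an OpenSSH `authorized_keys` file, whose entries carry the optional `from=` (source restriction) and `command=` (forced command) options in front of the key. The script below, added here as an illustration and not code from the author or SSH Communications Security, parses such a file, fingerprints each key the way `ssh-keygen -l` does, and flags keys that carry neither restriction; the sample file and its key blobs are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample authorized_keys; the blobs are placeholders, not real keys.
SAMPLE = """\
from="10.0.0.0/8",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCFakeRsaModulusFakeRsaModulusFakeR ops@gateway
command="rsync --server,--sender -n .",no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeEd25519KeyMaterialFakeEd25519KeyMateria backup@nas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeEd25519KeyMaterialFakeEd25519KeyMateria old-admin@laptop
no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeEd25519KeyMaterialFakeEd25519KeyMateria contractor@vpn
"""
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def split_options(prefix):
    """Split the options field on commas, except commas inside double quotes."""
    opts, cur, quoted = [], "", False
    for ch in prefix:
        quoted ^= ch == '"'
        if ch == "," and not quoted:
            opts, cur = opts + [cur], ""
        else:
            cur += ch
    return opts + [cur]

def parse_line(line):
    """Return a dict for one key line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    quoted, end = False, len(line)  # options end at the first unquoted whitespace
    for i, ch in enumerate(line):
        quoted ^= ch == '"'
        if ch.isspace() and not quoted:
            end = i
            break
    options = [] if line[:end].startswith(KEY_PREFIXES) else split_options(line[:end])
    fields = (line if not options else line[end:]).split(None, 2)
    if len(fields) < 2 or not fields[0].startswith(KEY_PREFIXES):
        raise ValueError("unrecognised key line: %r" % line)
    digest = hashlib.sha256(base64.b64decode(fields[1])).digest()  # same as ssh-keygen -l
    names = {o.split("=", 1)[0] for o in options}  # option names without their values
    return {"type": fields[0], "options": options,
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
            "comment": fields[2] if len(fields) == 3 else "",
            "unrestricted": not ({"from", "command"} & names)}

def audit(text):
    """Parse every key line; return (all entries, entries lacking from=/command=)."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return entries, [e for e in entries if e["unrestricted"]]
```

Running `audit()` over each account's `authorized_keys` gives an inventory keyed by fingerprint, so the same key appearing under several accounts (as the two identical ed25519 blobs do here) is visible at once, and the flagged list is the set of keys to restrict or remove.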
While secure shell is the benchmark for data-in-transit security, the current threat landscape requires local governments to rethink how they are managing access to their encrypted networks. Best security practices like the ones identified above will position local governments to prepare for security threats and new compliance mandates before they occur.
Tatu Ylönen is the CEO and founder of SSH Communications Security. While working as a researcher at Helsinki University of Technology, Ylönen began working on a solution to combat a password-sniffing attack that targeted the university’s networks. What resulted was the development of the secure shell (SSH), a security technology that would quickly replace vulnerable rlogin, TELNET and rsh protocols as the standard for data-in-transit security.
Ylönen has been a driver in the emergence of security technology, including SSH & SFTP protocols. He is a co-author of globally recognized IETF standards. He has been with SSH since its inception in 1995, holding various roles including CEO, CTO and as a board member. He holds a Master of Science degree from the Helsinki University of Technology.
SSH Communications Security is based in Helsinki, Finland. The firm has an office in Waltham, Mass.
Tatu Ylönen discusses SSH key management in this video.