Common Sense: Rotate your SSH Keys After Employees Depart

When most enterprises think of security exploits they envision sophisticated teams of hackers working to infiltrate sensitive systems. It is actually more common, however, for such issues to start from within. 

According to recent research from Venafi (a provider of machine identity protection), even though SSH keys provide a high level of administrative access control they are very often untracked, unmanaged and very poorly secured.  The result? Former (and rogue) employees are often to blame.

For example, 69 percent of respondents from the financial services industry admit they do not actively rotate keys, even when an administrator leaves their organization. This allows the former employee to have ongoing privileged access to critical and sensitive systems. That's a big problem for those with stores of sensitive information.

What's worse is that 85 percent of respondents to Venafi's study say they do not even have a complete and accurate inventory of all SSH keys. Without such an up-to-date (and correct) inventory, organizations in the financial services industry cannot determine if keys have been stolen, misused or should not be trusted.

"Cybercriminals can leverage compromised SSH keys to gain elevated access to servers and perform nefarious activities, all while remaining undetected," said Nick Hunter, senior technical manager for Venafi.

"In addition, they know that a single SSH key will often be copied across hundreds or thousands of systems. Cybercriminals can use compromised keys to move throughout a financial services organization, creating additional backdoors and setting up beachheads for their operations."