It has always been important for enterprises to not disregard the exposure a new technology introduces to the company, even if the new technology improves upon security. Although Secure Shell (SSH) is the status quo, it’s important for companies to not become complacent and to continue to investigate improvements in mitigating potential risks. While Secure Shell is an improvement over previous protocols regarding encryption and integrity, it also introduces exposures and makes administrative transparency more difficult.
While accountability, non-repudiation, and data integrity are important elements that comprise a sound enterprise security model, these elements still constitute a highly-flawed arrangement when dealing with remote administration. It can be difficult to strike a balance between accountability and routine protection for secure communications and Secure Shell comes with many risks. Through the development of a trusted third-party system, though, you can easily mitigate these risks while facilitating workable administration transparency.
SSH was developed in 1995 and has grown to be the standard way to remotely administer UNIX-based operating systems. The trusted third-party system (TTP) is a web-enabled application that acts as an intermediary between administrative clients and the systems they access using Secure Shell. With trusted third-party systems, sessions are proxied using a secure WebSocket connection over Transport Layer Security (TLS). SSH connections are established server-side to the protected servers and since TLS can be decrypted at the application level, all communications can be secured and audited. By implementing a trusted third-party system, the applications will be able to control access to the system themselves, ensure revocation of administrators, and centralize authentication.
Some features of Secure Shell can expose critical segments outside of the protected network and port forwarding through a Secure Shell tunnel can allow for an administrative user to expose protected communications ports, causing services on the local system to be at risk. While Secure Shell can prevent data from being intercepted by third-parties, there’s still a lack of indication when first-parties mishandle data. By forcing all administrative traffic through the control system, databases can’t be exposed through port forwarding and data can’t be copied.
Secure Shell also makes centralized auditing difficult because it is encrypted end-to-end from the client to the server. Audit logs, audit settings, and privileges to those logs and settings are typically maintained on the systems themselves but audit logs tend to lack details and are at risk of being incomplete and, therefore, susceptible to manipulation. Implementing a trusted third-party system for your Secure Shell will make it possible to flag administrative sessions for additional review, if the session falls outside the established pattern norms, as the control system collects auditing data.
There might be little systematic protection when dealing with Secure Shell and any defense that enhances transparency would most likely have to be carried out procedurally but implementing a trusted third-party system can help drastically. Systems administered through Secure Shell can be recognized for their limitations and can only be secured procedurally which doesn’t provide enterprises with the administration transparency they need. By implementing a trusted third-party system that layers Transport Layer Security on top of Secure Shell though, enterprises can gain immediate systematic protection and new capabilities around administrative auditing which provides them with the much-needed transparency they desire.
If you want to learn more about how secure shell can be implemented as a trusted third-party, click the link below for more information.