[Info-vax] Variable declarations, was: Re: improving EDT

Paul Sture nospam at sture.ch
Wed Nov 23 17:49:21 EST 2016


On 2016-11-23, Kerry Main <kemain.nospam at gmail.com> wrote:
>
> Based on this conversation, this is a timely article from earlier
> today:
>
> How to Protect the Encryption Keys to Your Kingdom
> http://bit.ly/2g3fxw4
>
> "Tatu Ylönen, CEO and founder of SSH Communications Security, was
> clearly frustrated as we talked over lunch. “Why can’t I get
> through to them,” he asked, almost rhetorically. Ylönen was
> expressing a level of dismay common in the security industry.
> Getting senior management to invest in security can be a daunting
> task."
>
> Original will wrap:
> http://www.eweek.com/security/how-to-protect-the-encryption-keys-
> to-your-kingdom.html

Heheh. I stumbled across a video by Tatu on this subject just last week.

A much more detailed account of the ssh key management problem can
be found here on Tatu Ylönen's company website:

<https://www.ssh.com/iam/ssh-key-management/>

--- start quote ---
We have worked with many companies, including several global top-10
banks, leading retailers, and other large Fortune 500 companies. Based
on our findings, most organizations:

    * Have extremely large numbers of SSH keys - even several million -
      and their use is grossly underestimated
    * Have no provisioning and termination processes in place for key
      based access
    * Have no records of who provisioned each key and for what purpose
    * Allow their system administrators to self-provision permanent
      key-based access - without policies, processes, or oversight.

In the case of one representative customer, we went through a quarter of
their IT environment as part of a major SSH key management project. They
had five million daily logins using SSH, most of them using SSH keys for
automation. We analyzed 500 business applications, 15000 servers, and
found three million SSH keys that granted access to live production
servers. Of those, 90% were no longer used. Root access was granted by
10% of the keys.
--- end quote ---



--
A sure cure for sea-sickness is to sit under a tree.
                                   -- Spike Milligan
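
An added example, not part of the original post and not SSH Communications Security's tooling: the three figures in the quote (keys granting access, keys no longer used, keys granting root) can be measured by fingerprinting every authorized_keys entry and matching it against sshd's "Accepted publickey" log lines. The key blobs, host names and log lines below are constructed, and `audit` and `summarize` are hypothetical names.

```python
import base64, hashlib, re

# Optional options field, then key type, base64 blob, optional comment.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")
LOG_RE = re.compile(r"Accepted publickey for (\S+) from \S+ port \d+ ssh2: \S+ (SHA256:\S+)")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form sshd logs and `ssh-keygen -l` print."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(authorized_keys, auth_log):
    """authorized_keys maps account -> file text; returns one record per key."""
    seen = set(LOG_RE.findall(auth_log))  # (account, fingerprint) pairs that logged in
    records = []
    for account, text in authorized_keys.items():
        for line in map(str.strip, text.splitlines()):
            m = None if line.startswith("#") else KEY_RE.search(line)
            if not m:
                continue
            fp = fingerprint(m.group(2))
            records.append({
                "account": account, "fingerprint": fp,
                "comment": m.group(3) or "",
                "options": line[:m.start()].strip(),  # from=, command=, ...
                "used": (account, fp) in seen,        # only within the log window given
            })
    return records

def summarize(records):
    return {"keys": len(records),
            "unused": sum(not r["used"] for r in records),
            "root": sum(r["account"] == "root" for r in records),
            "unrestricted": sum(not r["options"] for r in records)}

def _blob(label):  # constructed stand-in for a real public key blob
    return base64.b64encode(label.encode()).decode()

SAMPLE_KEYS = {  # constructed authorized_keys contents for two accounts
    "root": f"ssh-ed25519 {_blob('key-A')} admin@laptop\n"
            f"ssh-rsa {_blob('key-B')} old-migration-job\n",
    "deploy": f'from="10.0.0.0/8",command="/usr/local/bin/deploy" '
              f"ssh-ed25519 {_blob('key-C')} ci@build1\n"
              f"# retired\nssh-rsa {_blob('key-D')} contractor\n",
}
SAMPLE_LOG = "".join(  # constructed sshd log lines
    f"Nov 23 10:00:0{i} app1 sshd[81{i}]: Accepted publickey for {user} "
    f"from 10.0.0.5 port 5123{i} ssh2: ED25519 {fingerprint(_blob(key))}\n"
    for i, (user, key) in enumerate([("root", "key-A"), ("deploy", "key-C")]))

if __name__ == "__main__":
    print(summarize(audit(SAMPLE_KEYS, SAMPLE_LOG)))
```

A key counts as unused only relative to the log window supplied, so the retention period of the auth log bounds what this can say.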


