[ISN] Poorly managed SSH keys pose serious risks for most companies

http://www.computerworld.com/s/article/9246512/Poorly_managed_SSH_keys_pose_serious_risks_for_most_companies By Jaikumar Vijayan Computerworld February 22, 2014 Many companies are dangerously exposed to threats like the recently revealed Mask Advanced Persistent Threat because they don’t properly manage the Secure Shell (SSH) cryptographic keys used to authenticate access to critical internal systems and services. A Ponemon Institute survey of more than 2,100 systems administrators at Global 2000 companies discovered that three out of four enterprises are vulnerable to root-level attacks against their systems because of their failure to secure SSH keys. Even though more than half of the surveyed enterprises had suffered SSH-key related compromises, 53% said they still had no centralized control over the keys and 60% said they had no way to detect new keys introduced in the organizations. About 46% said they never change or rotate SSH keys