Source: securityboulevard.com – Author: Michael Vizard
The OpenPubkey project this week shared a mechanism for remotely logging into IT environments based on the OpenID Connect (OIDC) protocol that makes authentication using Secure Shell (SSH) certificates more secure.
OIDC is a protocol that lets users log into websites or applications using email accounts or some other single sign-on (SSO) service. It then automatically generates an encrypted identity token specific to that application that a third-party service has authenticated.
Developed by BastionZero, Docker and the Linux Foundation, OpenPubkey, in essence, adds a temporary public key to the ID token that can now be added to an SSH certificate.
Lucie Mugnier, technical lead for BastionZero, said that approach adds a single-factor authentication capability that can be used to verify the identity of anyone logging into a system. OpenPubkey is also extensible enough to enable multifactor authentication (MFA) if needed, she added.
That approach also eliminates the need to juggle the management of multiple SSH keys that are frequently targeted by cybercriminals launching phishing attacks, noted Mugnier.
The history of cybersecurity is littered with incidents involving compromised SSH keys. One of the reasons IT staff are frequently targeted is because once access to SSH keys is achieved, a cybercriminal can gain access to the entire IT environment.
The OpenPubkey project is part of multiple initiatives led by The Linux Foundation to improve open source security. There is a clear need for increased collaboration among cybersecurity professionals to address these issues. In the case of SSH, there is simply too much reliance on it to replace it, so the next logical approach is for the open source community to find better ways to secure it rather than attempting to reinvent the wheel, noted Mugnier.
There is, of course, no such thing as perfect security, but the current bar for authentication using passwords and certificates is too low. The cost of launching phishing attacks is so low that cybercriminals don’t think twice about sending millions of messages in the hope of being able to eventually steal a handful of credentials. Often, they will use those credentials to log in multiple times to determine how to wreak the most havoc possible before striking. Known as “living off the land,” that tactic makes it harder for cybersecurity teams to detect these intrusions because, after a while, they appear to be just another routine login.
Ultimately, cybersecurity and IT operations teams will need to work more closely to secure SSH keys as part of a larger zero-trust IT initiative to thwart these types of attacks. The challenge is, as always, putting the processes in place required to change the internal culture of organizations that, in many cases, have been employing SSH for decades.
In fact, the biggest challenge of all when it comes to cybersecurity may not be any given technology but rather how it is being used in a way that creates vulnerabilities that are often too subtle to appreciate until damage has already been inflicted.
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2024/01/latest-openpubkey-project-initiative-makes-ssh-more-secure/
Category & Tags: Application Security,Cloud Security,Cybersecurity,Data Security,Featured,Governance, Risk & Compliance,Identity & Access,Identity and Access Management,Network Security,News,Security Boulevard (Original),Social – Facebook,Social – X,Spotlight,Authentication,OpenPubKey,PKI,public-key infrastructure,SSH – Application Security,Cloud Security,Cybersecurity,Data Security,Featured,Governance, Risk & Compliance,Identity & Access,Identity and Access Management,Network Security,News,Security Boulevard (Original),Social – Facebook,Social – X,Spotlight,Authentication,OpenPubKey,PKI,public-key infrastructure,SSH
