16. //
Similarities with SSL/TLS
• Both systems authenticate connections between clients and servers
• Both encrypt sessions
• Both can leverage asymmetric or symmetric cryptography
• Both use built-in mechanisms to ensure data integrity (algorithms and hashing, etc.)
• SSL/TLS usually employs X.509 certificates; the SSH protocol creates digital keys
• SSH includes commands that allow activities like remote login and command execution
• SSH supports a host of other protocols and features: secure file transfer, secure copy, flow control, multiplexing, terminal management
18. //
“We’re changing audit procedures again. They’ve added the requirement to account for SSH key access.”
“Ummmm…. We don’t track SSH key access. But I think we have about 500,000 key pairs in our different estates.”
Jim, the CISO
Chris, the InfoSec Dir
“We need to know in 60 days.”
“Oh SSHit.”
Jim, the CISO
Chris, the InfoSec Dir
19. //
60 Days Later…
Jim, the CISO
Chris, the InfoSec Dir
“What did the survey say?”
“Did I say 500,000 key pairs?”
“We need a plan by quarter end on how we’re going to go from 6 million to no more than 2 million key pairs.”
“It turns out we have about 6 million key pairs.”
Chuck, the COO
Machine identities are critical to security and availability, but tend to be underprotected. To understand why, let’s look at the two kinds of actors on every network: people and machines.
[Click]
People rely on user names and passwords to identify themselves and to gain access to machines, applications and devices. But machines don’t. They use digital keys and certificates to authenticate and secure communication between machines.
[Click]
Transition: In any complete identity and access management program, it’s important to secure and protect the identities of both people and machines, but in most organizations, that’s not what’s happening.