SecureIT is continually reviewing trends, examining technologies and engaging in standards development in cyber security, information assurance, audit, and regulatory compliance. Those efforts, combined with our first hand experience solving our customers’ problems, yield whitepapers and reports that offer insights, guidance and best practice. We hope that you find them useful.
Managing SSH Keys and Associations
The Secured Shell (SSH) service is widely deployed to provide secured connectivity between systems. In other words, SSH is the secured alternative for telnet or ftp services, which are clear text and could expose user credentials and sensitive network traffic to eavesdroppers. SSH provides an encrypted tunnel through which users can enter commands, transfer files, or even use an X Windows graphical users interface.
For many years, auditors have been advocating wide deployment of SSH as a costeffective solution to the security problem of clear text network transports. OpenSSH is the most commonly deployed implementation of the SSH protocol. The price is right – it’s free – and it does not require the complexities of a Public Key Infrastructure (PKI) for generating keys. However, many organizations that have large OpenSSH deployments have found that SSH can introduce new security problems that can be as significant as the problem of clear text transmissions.
Written by Greg Kent, SecureIT Vice President, our three part SSH eBook series provides a comprehensive discussion of the risks, solutions and preventive measures that can improve the security and success of your SSH deployment.
Part 1: Background and Risks
Part 2: Risk Management & Solutions
Part 3: Policy and Prevention
12 Secrets to SOC 2 Success
Attaining SOC 2 compliance is a common requirement for service organizations to attract mid-sized and large commercial customers. Many software service providers first try to obtain SOC 2 compliance through internal initiatives.
Unfortunately, SecureIT has found that most organizations seeking first time SOC 2 compliance underestimate the scope of the challenges they face and overestimate the ability of their IT organization to implement the controls and process changes needed.
This eBook shares insights that we have gained from providing guidance and hands-on assistance to enable dozens of organizations to achieve and sustain SOC 2 compliance on their first attempt. Read it now.