
Portnox Selected as 2024 SC Awards Finalist for Best Authentication Technology in the Trust Category

With Conditional Access for Applications, Portnox delivers a unified solution for zero trust access control.


Austin, TX – Aug. 30, 2024—Portnox, a leading provider of cloud-native, zero trust access control solutions, today announces that it has been recognized as a 2024 SC Award finalist in the Trust Award category for Best Authentication Technology. The company entered its Conditional Access for Applications product, which launched in March. Conditional Access helps distributed, heavily SaaS-reliant organizations combat the rise in device-based attacks against enterprise applications through a risk-based approach that works in lockstep with infrastructure and network security efforts.

This announcement was made on Thursday, August 29, 2024, as part of SC Media’s 2024 SC Awards coverage. The SC Awards recognize the solutions, organizations, and individuals that have demonstrated exceptional achievement in advancing information security. Find Portnox and the complete list of finalists here.

“The finalists for the 2024 SC Awards truly represent the forefront of cybersecurity innovation and leadership,” said Tom Spring, Editorial Director at SC Media. “These solutions, organizations, and professionals have demonstrated outstanding capabilities in addressing today’s complex and ever-changing threat landscape. We are proud to recognize their contributions to the cybersecurity community.”

This year, the SC Awards received a remarkable number of entries across 34 specialty categories. Entries were evaluated by a distinguished panel of judges, including cybersecurity professionals, industry leaders, and members of the CyberRisk Alliance community from sectors such as healthcare, financial services, education, and technology.

“Complete cybersecurity protection goes well beyond just controlling access; IT teams must meet ever-evolving security compliance requirements. That means they need to be able to monitor and mitigate the risk every connected endpoint poses — including managed devices, unmanaged BYOD, and insecure IoT,” said Denny LeCompte, Portnox CEO. “With Portnox, the endless list of enterprise applications no longer serves as a directory of easily targeted access attack vectors.”

Winners of the 2024 SC Awards will be announced on September 17, 2024.


About CyberRisk Alliance

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through our trusted information brands, network of experts, and more than 250 innovative annual events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Our brands include SC Media, the Official Cybersecurity Summits, Security Weekly, InfoSec World, Identiverse, CyberRisk Collaborative, ChannelE2E, MSSP Alert, LaunchTech Communications and TECHEXPO Top Secret. Learn more at www.cyberriskalliance.com.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, endpoints, infrastructure, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 offers quality products and services that are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Third-party reviews: Check Point alternatives and competitors

In 2024, increased attacks on serverless technologies, predicted by Google Cloud’s Security report, became a reality. Misconfigured cloud environments contributed to 30% of incidents in the first half of the year. That’s why it’s important not only to choose a robust Secure Access Service Edge (SASE) cybersecurity solution but also to ensure it is properly configured to protect your company.

In this article, we’ll compare Check Point alternatives, including NordLayer, Fortinet, and Zscaler, to help organizations find the best solutions for enhanced security and protection.

In brief,

  • Check Point, Fortinet, and Zscaler are enterprise-level providers with effective but costly and complex solutions.

  • While NordLayer doesn’t cover all SASE features, it offers a highly-rated solution with some SSE features (part of SASE). It also stands out for its proactive configuration assistance and 24/7 support.

Let’s explore these solutions and see which one might best suit your organization’s protection and security needs.

Check Point software overview

Check Point Software is a long-standing player in the cybersecurity market. It was founded in 1993 and has offices around the world, including in sanctioned countries such as Russia and Belarus.

Check Point offers a wide array of cybersecurity software solutions, but here are the main five areas.

  1. Cloud (Check Point CloudGuard): Provides cloud security services to protect public, private, and hybrid environments. It includes firewall, threat prevention, and posture management software.

  2. Security for remote users (Harmony): Protects remote users with endpoint security tools. Harmony secures devices, web browsing, email, and collaboration software solutions.

  3. Security ops (Horizon): Supports security operations by providing services for threat detection, incident response, and automation.

  4. Network security (Quantum): Delivers advanced firewall and intrusion prevention services to protect networks.

  5. All (Infinity Platform): Integrates multiple security products into one platform. This product covers network, cloud, and endpoint security.

As you can see, Check Point offers a wide range of products that can address various security needs from a product standpoint.

Most mentioned product strengths

Check Point Software offers features that help to secure various network infrastructure and cyber security aspects. Here are some mentioned by users:

  1. Secure network access for businesses

  2. Advanced threat prevention and real-time threat detection

  3. Zero Trust Network Access (ZTNA) features

  4. Deep packet inspection and SSL inspection

  5. Firewall with VPN access management for remote users

  6. Geo-location filtering and detailed URL filtering

  7. Zero-day attack protection with quick patch updates for vulnerabilities

  8. Network mapping and compliance testing across environments

  9. Environment-specific reports generated for better oversight

Most mentioned overall product benefits of Check Point

Here are some things users often mentioned about Check Point products overall:

  1. Well-known and respected in the industry

  2. Reliable and effective

  3. Unified security management system

  4. Centralized firewall management with easy server integration

  5. User-friendly interface

  6. Minimal need for daily adjustments after the setup

Limitations of Check Point

Despite its strengths, Check Point Software may have some limitations that might not align with the needs of every organization. They might include:

  1. Complicated and costly pricing

  2. Complex setup and configuration

  3. Slowing down during heavy traffic

  4. Difficult advanced features and services

  5. Slow, upgrade-focused support

  6. Overwhelming product range

  7. Lacks competitive SD-WAN alternatives

  8. VPN client issues on MacOS

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner, G2, and Reddit. It also assessed customer feedback shared on these platforms, accessed on August 13, 2024.

Let’s look at Check Point alternatives.

1. NordLayer

Overview of NordLayer

NordLayer is a network security solution designed to provide safe access to company resources from any location. It provides protection for networks, facilitates remote work, and aids in meeting compliance requirements. Developed by Nord Security, the creators of the popular NordVPN service, NordLayer offers a multi-layered defense for your network.

NordLayer assists organizations in implementing Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG) principles, with a focus on the Secure Service Edge (SSE). It delivers SaaS security features to control access to the internet, resources, and networks.

NordLayer’s flexibility makes it a good fit for businesses of all sizes that need scalable protection.

Product strengths

Product benefits of NordLayer

NordLayer addresses three key business needs. First, it helps enable secure internet access, including for remote employees, and protection while browsing. Second, it segments and controls access to company resources. Third, it helps companies ensure compliance with key cybersecurity regulatory frameworks through easy-to-use visibility dashboards and straightforward identity and access management.

NordLayer primarily focuses on network protection and provides key SSE features, including:

  • Shared gateways and virtual private gateways

  • Quantum safe encryption

  • Dedicated servers with Fixed IP

  • Cloud Firewall

  • Device Posture Security

  • IP allowlisting

  • Web protection (formerly Threatblock)

  • DNS Filtering capabilities

  • NordLynx VPN protocol

  • Browser Extension that enhances performance while ensuring secure browsing

Overall product benefits of NordLayer

Compared to larger solutions discussed in this article, NordLayer offers several key advantages:

  • Transparent pricing, with plans starting at $7 per user per month

  • Proactive setup support to minimize misconfiguration risks

  • 24/7 live support, dedicated account managers, and personalized assistance

  • Direct influence on product development and growth

Limitations of NordLayer

Despite its many strengths, NordLayer has some limitations:

  • Less established brand and not as widely recognized

  • Fewer features and capabilities

  • Slows down the internet connection when using the VPN

  • Can’t adjust team size online; need to contact support to downgrade

  • Sometimes, NordVPN and NordLayer are confused

NordLayer reviews

Users frequently praise NordLayer for its ease of use, even for those without extensive IT knowledge. They also appreciate the helpful support provided at every stage.


Disclaimer: This product review is based on information provided on our website, VPN review sites and social networking forums such as Gartner, G2, and TechRadar. It also assessed customer feedback shared on these platforms, accessed on August 13, 2024.

2. Fortinet

Overview of Fortinet

Fortinet is a well-known cybersecurity provider, established over 20 years ago in California. Overall, Fortinet is a versatile option for protecting medium to large enterprises.

The company specializes in network security, unified SASE, and cloud security for enterprises. While Fortinet does offer solutions for small and midsize businesses, user reviews suggest that it is particularly well-suited for large companies that can benefit from using multiple Fortinet products together.

Most mentioned product strengths

Fortinet’s products are designed to offer comprehensive security services with a focus on performance and scalability.

  1. Well-built, stable hardware, particularly for perimeter firewalls

  2. Next-Generation Firewall featuring AV, IPS, web filtering, application control, and VPN

  3. Advanced Threat Protection

  4. Functions as a wireless controller at no additional cost

  5. FortiGuard Labs threat intelligence

  6. FortiGuard services, including antivirus, data loss prevention, and anti-spam

  7. SecureFabric for isolated communications

Most mentioned overall product benefits of Fortinet

Fortinet stands out due to its strong performance capabilities and broad security features that cater to various business needs.

  1. Intuitive and easy-to-use GUI

  2. Full-stack, single-pane integration

  3. SSL VPN with no extra licensing

  4. Easy firewall configuration

  5. Centralized control and visibility

  6. Cost-effective

  7. Simple management and customization

  8. Easy implementation across platforms

  9. Consistent OS across all devices

Limitations of Fortinet

While Fortinet offers extensive features, it may also have some drawbacks, depending on an organization’s specific needs.

  1. Limited technical support for security products

  2. Logging lacks real-time information and is hard to navigate

  3. Complex configuration and firewall software syntax

  4. VPNs frequently drop, affecting customer experience

  5. Documentation is complex and lacks vital information

  6. The learning curve for rich security features

  7. High license costs, challenging for small-scale organizations

  8. Frequent bugs impact product reliability

  9. Manual firmware updates hinder customer experience

  10. Needs flexible pricing and service options to protect smaller organizations

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner, G2, and Reddit. It also assessed customer feedback shared on these platforms, accessed on August 13, 2024.

3. Zscaler

Overview of Zscaler

Zscaler, founded in 2007 and based in California, specializes in a cloud-native Zero Trust Exchange platform designed to protect customers from cyber-attacks and data loss. As a cloud-based security service provider, Zscaler focuses on securing internet traffic and managing user access to applications.

Most mentioned product strengths

Zscaler provides a range of capabilities designed to enhance security and manageability for organizations that operate in distributed and cloud environments.

  1. Wide array of security features

  2. Numerous customizable options

  3. Granular control in creating security policies

  4. Easy-to-generate reports

Most mentioned overall product benefits of Zscaler

Zscaler’s cloud-native approach and focus on zero trust make it a strong contender in the cybersecurity market.

  1. High performance

  2. Reliable connectivity

  3. Stable cloud-native architecture

  4. Centralized access management and security visibility

  5. User-friendly interface

  6. Scalable at any time

Limitations of Zscaler

Although Zscaler is innovative, it has drawbacks that might not suit every organization.

  1. Complex migration from legacy VPN to cloud-based Zero Trust Network Access

  2. The steep learning curve for users

  3. Incorrect URL classifications affecting security

  4. Disconnection during brief internet fluctuations

  5. Lacking detailed API documentation

  6. Poor customer support and response

  7. Time-consuming setup process

  8. Confusing pricing information for services and products

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner and G2, and it assesses customer feedback shared on these platforms, accessed on August 20, 2024.

Choosing the right network security solution

Finding the right network security solution is crucial for your organization’s protection and growth. Here’s what to focus on:

  • Ensure the software integrates well with your current systems

  • Assess firewall capabilities that match your organization’s needs

  • Review each option’s ability to scale with your organization

  • Prioritize ease of use for smooth implementation and management

  • Evaluate the provider’s support and customer service

Start by considering these factors to secure your organization effectively.

Disclaimer: The information in this article is provided for informational purposes only. It is based on publicly available third-party reviews, user feedback, and online sources accessed between August 13, 2024, and August 20, 2024, and should not be considered definitive or permanent. While we strive for accuracy and completeness, Nord Security Inc. and its affiliates make no guarantees regarding the information’s accuracy, completeness, or suitability. We do not undertake, warrant, or represent that any product, or its feature, is or will remain publicly regarded as better or worse than other alternatives, serve any purpose, has mentioned features, benefits, strengths, and limitations for any period of time. Product features, pricing, and other details may change, and we advise readers to verify these directly with vendors. We disclaim any liability to any party for any errors, omissions, or actions taken based on this information. The inclusion of competitor products does not imply affiliation or endorsement, and all trademarks mentioned are the property of their respective owners. Readers should conduct their research and seek independent advice before making purchasing decisions.


About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.


The Importance of Upgrading


When thinking about keeping your network safe, upgrading networking hardware is often overlooked. It’s hard enough to get everything to play nicely together, and once it does, the last thing you want to do is disrupt that delicate balance. Plus, there’s a lot of planning, a lot of meetings, and probably a lot of money to spend. No wonder just the thought of upgrading infrastructure makes most admins want to run and hide.

Not upgrading, though, can put you at risk in a variety of ways.

EOL?  EOE?  EOS? SOL!

Nothing gold can stay, and that is as true for networking hardware as for anything else. As vendors develop new and exciting feature sets, old hardware gets strained more and more until, finally, it just can’t keep up. You might not necessarily be interested in those new features – as long as the packets are flowing, who needs the latest and greatest? And that makes sense – there’s a lot to be said for not being an early adopter. As cool as cutting-edge innovation often sounds, it sometimes fails to deliver on its promises. (Look at the ill-fated Lily Drone, the Juicero Juicer, and the Cisco Umi – all products that showed great promise, but fell far short of expectations.)

We all understand how important it is to at least keep up with security updates, but products don’t get updates forever. Watch out for these three phases of the product life cycle, which signify it’s time to get ready for replacements:

EOE: End of Engineering

No new features or fixes will be developed during this phase, although critical security fixes might still be released, and you can still get support, although the answer to most of your support questions will probably be “Upgrade.”

EOS: End of Support

There is no support and probably no security fixes (although if a critical vulnerability is uncovered, you might get a patch). For all intents and purposes, the product is dead. You might be able to get support assistance to upgrade, or they might help you if you run into an already-known bug.

EOL: End of Life

Stick a fork in it; it’s done – no support, no patches, no nothing.  For all intents and purposes, this product no longer exists.

Still Lurking Out There

Why does it matter if something still has vendor support? Well, just because the vendor has seemingly forgotten about these devices does not mean hackers have. Here’s an example: In 2021, six years after Western Digital ended support for their My Drive line of external hard drives, a remote code execution bug resulted in many users losing all of their data. The worst part is that the vulnerability was reported to Western Digital in 2018, a full three years before the bug was exploited, but since support for the drives had already ended, Western Digital chose not to fix it.

Sometimes those new features become default standards. Devices in the late ’90s that shipped with 802.11a or 802.11b wireless networking were quickly rendered obsolete when a critical design flaw was found in WEP. Anyone not wanting a laughably easy-to-hack wireless password had to get completely new hardware. Now all networking hardware ships with some form of WPA enabled.

If you’re still not convinced, consider this: you could run afoul of the law if you use out-of-date hardware. Many regulatory standards like GDPR, HIPAA, PCI DSS and more require organizations to take reasonable steps to protect sensitive information. If you are the victim of a data breach, you will have a hard time justifying the use of old hardware. It could also impact your certifications – if you maintain SOC 2 or ISO 27001, EOL hardware might put you out of compliance.

Upgrading networking may not be the most exciting prospect, but as technology evolves and grows, it’s crucial to ensure you’re not falling behind. Proactive upgrades not only enhance your ability to stay secure, but they also keep you safe from regulatory and legal penalties in the case of a data breach.  Investing in the future by keeping your network infrastructure current will ensure you can support your organization’s goals for security, growth, and innovation going forward.  



Simplifying macOS Enrollment Process: Automate, Streamline, and Secure Your Device Setup

Beyond just getting the devices up and running, ensuring a smooth and straightforward device setup process is essential for both IT teams and end-users. More often than not, the initial setup is challenging for IT teams, with several IT hours spent setting up user accounts, configuring network settings, and deploying necessary software. 

Pre-Stage Setup for macOS

One of the major hurdles IT admins face while configuring the ADE/DEP setup for Apple devices is managing account privileges. While the Primary Account should ideally be set as a Standard Account to enhance control and mitigate security risks, it’s often complicated by the need to assign Admin privileges. This not only adds to the complexity of device management but also introduces potential security vulnerabilities.

Additionally, there’s the challenge of maintaining a dedicated management account for routine administrative tasks. This account is crucial for tasks like maintenance and scripting but must also be secure and easily accessible—even in scenarios where the password is forgotten.

We recognized these challenges and to solve them, we’ve introduced the Pre-Stage Setup for Account Creation feature within the ADE/DEP enrollment process.

With this feature, we aim to help streamline device setup on Scalefusion while also significantly enhancing IT teams’ efficiency. By automating the account creation process, IT teams can now minimize the potential configuration drift and reduce manual errors, ensuring consistency across devices. This ultimately saves valuable time for IT teams, allowing them to focus on more strategic tasks.

It supports the creation of an ADE Admin account and enables password changes via Scalefusion MDM, without requiring the Scalefusion Agent. This ensures that the admin account remains consistently accessible on all enrolled devices.

How Does It Work: Simplifying Account Setup During Enrollment

During the ADE/DEP enrollment process, IT admins can now pre-configure primary account details, making the initial device setup more intuitive and user-friendly. Whether you want to prefill account information or skip account creation entirely, the choice is yours.

With this feature, IT teams can choose to:

Create a Primary Account:

Use custom properties (like $device. or $user.) to automatically prefill account details, and decide whether users can modify these details during setup. Additionally, you can control whether the Primary account will be set as an Admin or a Standard account.

Skip Primary Account Creation:

Opt to bypass the creation of a primary account, streamlining the process for situations where it’s unnecessary. This option is particularly useful when IT admins need to set up the device themselves before handing it over to the user at a later point. In such cases, the admin can create an Auto-Admin account and skip the primary user account creation.

And there’s more. IT teams can choose to create an Admin account during the enrollment process. For those who require an admin account during enrollment, the Pre-Stage Setup offers the option to create ADE Admin accounts seamlessly.

Not only can this account be hidden from the end-user, but it can also be configured as the managed or enrolled user instead of the default primary account.

These accounts are displayed as ADE accounts in the UAM section and cannot be downgraded to standard users or deleted, ensuring a consistent level of control and security.

To get started with the configuration, you do not need the Scalefusion MDM agent.

Closing Lines…

The Pre-Stage Setup for Account Creation is set to redefine the enrollment experience for macOS devices, providing IT teams with the tools to create a smooth, efficient, and user-friendly setup process. This enhancement not only reduces the cognitive burden on IT teams but also ensures that end-users have a hassle-free experience from the moment they power on their device.

We’re thrilled to bring you this feature as part of our ongoing commitment to improving device management. Stay tuned for more updates as we continue to innovate and evolve.


About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

How to detect SSH key reuse

The Secure Shell (SSH) protocol is an encrypted network protocol used to access an interactive shell and perform file transfers between systems over untrusted networks. SSH is the de facto management protocol for non-Windows machines (and even some Windows systems), replacing the Telnet protocol from days past.

The most recent version of the protocol, SSH-2, was standardized in 2006 and provides a high level of security when configured correctly. runZero analyzed aspects of SSH in the ecosystem to explore how SSH is being deployed in the real world.

My voice is my passport. Verify me.

The Secure Shell protocol consists of three phases. First, a secure transport is negotiated, similar to TLS. After the transport key negotiation is complete, the client attempts to authenticate, specifying one of a handful of known methods, and the server replies indicating whether the authentication succeeded and what remaining authentication methods are available if not. Finally, after successful authentication, a session is opened. This session enables access to channels, which in turn provide interactive shells, port forwarding, agent forwarding, and file transfer capabilities, among other options.

The three most common authentication mechanisms are:

Of the three mechanisms, publickey is by far the most secure and considered best practice. This type of authentication also supports key certificates, which provide even stronger security for key issuance and revocation. In publickey authentication, a user’s public key is stored in their profile on the destination system and only someone with the corresponding private key can authenticate. This prevents compromise through password-guessing attacks.

FIGURE 1 – A partial screenshot of runZero showing the results of an SSH scan.

In our survey of SSH endpoints, 54% support both password and publickey authentication. This is the default for many modern SSH services, and allows the optional use of a strong public key while allowing for the ease of password setup. In general, best practices recommend that the password mechanism be used only to set up public key authentication, after which it should be disabled. Leaving password authentication enabled exposes systems to password enumeration attacks and the potential for weak passwords set by users.

Password authentication is more common on storage and networking devices, where accounts are less likely to be associated with individual persons. Often, though, these systems still support publickey authentication, which should always be preferred over password authentication where possible.

Looking at the big picture, 95% of SSH endpoints offer publickey authentication. Whether these systems are configured to use it is another question entirely. What is somewhat disheartening is that, while 95% of endpoints support the most secure mechanism, approximately 92% still support some form of password authentication as well.
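The survey above reports what servers offer on the wire; the defender-side counterpart is checking what the server configuration actually allows. The following is an added example, not runZero's code or anything from the original article: a small sshd_config audit in Python that reports whether password-style logins are still effectively enabled. It encodes two OpenSSH rules that routinely undermine hardening work: for each keyword the first value in the file wins, and everything after a Match line is conditional. The two configurations are constructed samples.

```python
import re

# OpenSSH defaults from sshd_config(5) for the directives audited here: all three
# default to "yes", so an absent directive still leaves the method enabled.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",   # the keyboard-interactive method
    "pubkeyauthentication": "yes",
}
# Older configs use the deprecated alias for the keyboard-interactive directive.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_sshd_config(text: str) -> dict:
    """Return the effective global value of each directive in an sshd_config.

    Two sshd rules matter for an audit: keywords are case-insensitive, and for each
    keyword the FIRST value wins, so a hardening line appended at the end of a file
    that already sets the keyword has no effect. Everything after a Match line
    belongs to that conditional block, so it is left for a per-user/per-host review.
    """
    effective = dict(DEFAULTS)
    seen = set()
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        key = ALIASES.get(key, key)
        if key == "match":
            in_match = True
            continue
        if in_match or key in seen:
            continue
        seen.add(key)
        effective[key] = value
    return effective


def audit_auth_methods(text: str) -> list:
    """Findings for a config that still offers password-style logins or lacks publickey."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication is effectively yes: password guessing stays possible")
    if cfg["kbdinteractiveauthentication"] == "yes":
        findings.append("KbdInteractiveAuthentication is effectively yes: another password path is open")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not yes: the strongest mechanism is unavailable")
    return findings


# Constructed sample: a stock-looking config where someone appended a hardening line
# that sshd ignores because PasswordAuthentication was already set above it.
WEAK_CONFIG = """
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
# appended during "hardening"; ignored, the first value above wins
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
"""

# Constructed sample: password paths closed, publickey only.
HARDENED_CONFIG = """
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_auth_methods(cfg) or ["no findings"])
```

Run against a fleet's collected sshd_config files, the audit flags the 92% case the article describes: hosts that offer publickey yet never closed the password paths. Pair it with the on-the-wire view, since a config review cannot see what a vendor appliance without a readable sshd_config is doing.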

FIGURE 2 – Distribution of SSH authentication method combinations.

Dupes and Duplicity

SSH servers identify themselves by way of an SSH host key pair. Just as key pairs allow users to prove their identity, so too do host keys allow servers to prove their identity to users. Or at least prove their possession of the correct key.

This functionality is critically important. Without it, users could be tricked into thinking that they had logged into a totally different, possibly spoofed or malicious, system, with obvious security ramifications. However, unlike TLS, most SSH servers are not configured to use any form of Public Key Infrastructure (PKI) or other chain-of-trust to establish proof of server identity. Such functionality is available, but is not in widespread use.

Instead, most SSH clients will use a technique called Trust on First Use (TOFU). In this scheme, the client will trust a host key the first time it receives it for a given host. Going forward, if the host key changes, the SSH client can alert the user to the problem. While this doesn’t allow the user to confirm the host’s identity, it at least allows them to confirm that the host’s identity hasn’t changed.

ubuntu@u2404-infra-02:~$ ssh 192.168.50.127
The authenticity of host '192.168.50.127 (192.168.50.127)' can't be established.
ED25519 key fingerprint is SHA256:wdNLQA-2vyp6Qv+8T7Ac2rF6vRJz34P5RCQo9VJAa+Ms.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

While host keys are ostensibly used to uniquely identify a host, oftentimes multiple hosts have the same host key. This is sometimes intentional, such as when automatically provisioning many ephemeral systems. Unfortunately, it can also happen accidentally, such as during virtual machine image cloning, and this can have very undesirable consequences since it undermines the concept of key trust.

We performed a limited audit to see how frequently host keys were being reused across our data set. We identified more than 350 instances where the same host key was shared across unrelated environments. Further exploration across the wider Internet revealed thousands of additional shared host keys. These are often the result of a vendor generating keys as part of an operating system (OS) image instead of regenerating them when the OS first boots or is provisioned for the customer. In the case of publicly available VM images or hardware, malicious actors could collect the key pairs from the images and use them in attacks. The real world impact would be that malicious actors with certain network access could perform spoofing or meddler-in-the-middle attacks to force users or automation to interact with them instead of the intended targets.

FIGURE 3 – Reuse of individual keys across our data set by device type.

Auditing SSH key reuse

runZero scans attempt to collect information for all SSH key types. This allows our customers to audit the key types in use as well as how the specific keys are used across their environments.

FIGURE 4 – A partial screenshot of runZero showing the SSH key information collected.

runZero has a Service attributes report that can help our customers audit key reuse. There are two ways to access this report. The first way is to go to the Reports section and run the Service attributes report for a specific key field. We recommend using the sha256 hash for the key type. For example, in the case of RSA keys the service attribute is ssh.hostKeyRSA.sha256.
FIGURE 5 – A partial screenshot of runZero showing how to launch the Service attributes report.

FIGURE 6 – A partial screenshot of runZero showing the output of the Service attribute report for ssh.hostKeyRSA.sha256.

Customers can then click on the key hash on the left to see where it is used. This is a Service report, so it is important to keep in mind that the same key may be seen across multiple services or addresses on the same asset.

The second way to view the report is by viewing the SSH service on an asset and clicking the magnifying glass next to the attribute name (green square in Figure 7). This will take customers directly to the report.

FIGURE 7 – A partial screenshot of runZero showing the attribute name and value. Clicking on the magnifying glass next to the value (blue square in Figure 7) will show every place that this particular key is used.
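The fingerprint the client prints in the TOFU prompt above and the sha256 attribute the report groups on are the same value: SHA256 over the raw host-key blob, base64-encoded without padding. The following is an added example in Python, not runZero's code or part of the original article, that computes that fingerprint, makes the client's trust-on-first-use decision from a known_hosts-style store, and then audits a small inventory for host keys shared across assets, de-duplicating by asset rather than by service exactly as the paragraph above warns. The key bytes, asset names and addresses are constructed sample data, not real keys.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_key_line(raw_pubkey: bytes, comment: str = "") -> str:
    """Build an OpenSSH public-key line from a 32-byte Ed25519 public key.

    Used here only to construct sample keys; the key bytes are arbitrary test data.
    """
    assert len(raw_pubkey) == 32
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_pubkey)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode()
    return line + (" " + comment if comment else "")


def fingerprint(key_line: str) -> str:
    """SHA256 fingerprint of an OpenSSH public-key line, as ssh-keygen -lf prints it:
    'SHA256:' plus unpadded base64 of sha256(key blob). Works for any key type."""
    _key_type, b64blob = key_line.split()[:2]
    digest = hashlib.sha256(base64.b64decode(b64blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def tofu_check(known_hosts: dict, host: str, presented_key: str) -> str:
    """Trust-on-first-use decision an SSH client makes from its known_hosts store.

    known_hosts maps host -> public-key line (standing in for ~/.ssh/known_hosts).
    'new'     : never seen; the client can only ask the user to confirm the fingerprint
    'match'   : same key as last time
    'changed' : different key; possible spoofing, or a legitimately re-keyed host
    """
    stored = known_hosts.get(host)
    if stored is None:
        return "new"
    return "match" if fingerprint(stored) == fingerprint(presented_key) else "changed"


def find_reused_keys(inventory) -> dict:
    """Group (asset_id, address, key_line) records by host-key fingerprint and return
    only the fingerprints seen on more than one asset.

    Grouping by asset rather than by (address, port) service avoids flagging one machine
    that exposes the same key on several addresses, which is expected, not reuse.
    """
    assets_by_fp = defaultdict(set)
    for asset_id, _address, key_line in inventory:
        assets_by_fp[fingerprint(key_line)].add(asset_id)
    return {fp: sorted(a) for fp, a in assets_by_fp.items() if len(a) > 1}


# Constructed sample data: two assets provisioned from the same VM image share a key
# baked into the image; asset-a also answers on a second address (same asset, not reuse).
KEY_CLONED = make_ed25519_key_line(b"\x11" * 32, "baked-into-image")
KEY_UNIQUE = make_ed25519_key_line(bytes(range(32)), "generated-at-first-boot")
INVENTORY = [
    ("asset-a", "192.168.50.10", KEY_CLONED),
    ("asset-a", "10.0.0.10", KEY_CLONED),
    ("asset-b", "192.168.50.11", KEY_CLONED),
    ("asset-c", "192.168.50.12", KEY_UNIQUE),
]

if __name__ == "__main__":
    for fp, assets in find_reused_keys(INVENTORY).items():
        print(f"{fp} reused on {len(assets)} assets: {', '.join(assets)}")
    known = {"192.168.50.12": KEY_UNIQUE}
    print(tofu_check(known, "192.168.50.12", KEY_UNIQUE))   # match
    print(tofu_check(known, "192.168.50.12", KEY_CLONED))   # changed
    print(tofu_check(known, "192.168.50.99", KEY_CLONED))   # new
```

Fed with the exported ssh.hostKey*.sha256 attributes of a real inventory (one record per service, with the asset identifier kept alongside), find_reused_keys reproduces the report's grouping offline; any fingerprint that comes back with more than one asset is a key that should be regenerated on all but one of them, and a 'changed' result from tofu_check on a host that was not deliberately re-keyed is the signal the TOFU model exists to give.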

Remember to download the runZero Research Report to learn more about the state of asset security.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
