November 6, 2020

The Network Effect, Increasing Number of Critical Connections and Security

The Network Effect states that the value of a telecommunications network is proportional to the square of the number of connected users of the system (N²). A decade in the naming, this law was a marketing tool to help 3Com sell more Ethernet cards (Token Ring was the IBM-developed competitor at the time). It argued that the value of communications rises over time with the number of connections and hence the better affordability for an initial investment. George Gilder named this condition Metcalfe's Law in 1993 and people have been arguing about it ever since.

Back in the 1980s and even into the early 1990s, computer-to-computer networking technology utilized basic programs for communications. In the distributed computing world, Berkeley UNIX r-commands and telnet were the de facto standards. Security had yet to become an issue as those connected to what was then the NSFNET were owned and run by universities and scientists trying to share research and exchange ideas; commercial traffic would not be permitted until 1995. Shortly thereafter, the need for encryption became obvious and Secure Shell (SSH) was developed.

SSH began life as freeware, and derivative works would eventually be included in OpenBSD, promoting the technology's ubiquity as OpenSSH. Its creator, Tatu Ylönen, a researcher at Helsinki University of Technology, Finland, formed SSH Communications Security (SSH.COM) after witnessing an estimated 20,000 users leveraging the resource, and began developing a robust enterprise-grade offering for interactive secure remote connections as well as automated machine-to-machine connections, backed by professional support services. Today SSH has added numerous capabilities to the platform and now markets a privileged access management (PAM) solution allowing remote users to securely connect with nearly any computing platform.

Today, PrivX is the company's flagship offering, adding capabilities that support identity and access management (IAM) use cases. The popularity of SSH for establishing secure remote communications has led to millions of existing encryption keys that are often embedded in service accounts used by external parties. Generally, these keys are poorly managed and can lead to the inverse of the Network Effect, as their existence provides attackers with a backdoor for establishing superuser identity credentials. Consequently, the need to discover and manage SSH keys has become a necessary capability for market-leading PAM solutions.

PrivX from SSH.COM avoids problems associated with static and forgotten SSH keys by using ephemeral or time-based certificates to support Public Key Infrastructure (PKI) technology as the basis for authenticating user access (it's like replacing hotel keys with coded access cards or smartphone apps). Ephemeral certificates are created on demand at the moment when the session is established and disappear after the session ends or the allotted access time runs out. This means that there are no permanent leave-behind credentials (like SSH keys) that can be lost, stolen or misused by internal or external users, which is great for risk mitigation. This approach also eliminates the need to vault, rotate and delete highly powerful admin accounts or their credentials, which streamlines the management process considerably: that which does not exist does not need to be managed. Privileged users never handle or see any secrets that are needed to establish secure connections; all the secrets needed for the session are simply baked into the auto-expiring certificate. Every session is identified, audited and logged, and can also be recorded.
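The contrast between standing keys and expiring credentials described in the two paragraphs above can be seen in an OpenSSH `authorized_keys` file. The following is an added example, not code from PrivX or SSH.COM: it inventories the entries of such a file and flags static keys that never expire or carry no source or command restriction. The sample file, its account names, paths and key bytes are constructed.

```python
import base64, hashlib, re
from datetime import datetime, timezone

def split_options(line):
    """Return (options, remainder); quoted option values may contain spaces."""
    if line.startswith(("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")):
        return "", line  # entry starts with the key type, so it has no options
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            quoted = not quoted
        elif ch in " \t" and not quoted:
            return line[:i], line[i:].strip()
    return line, ""

def parse_expiry(value):
    """expiry-time is YYYYMMDD or YYYYMMDDHHMM[SS]; read as UTC here (simplification)."""
    value = value.rstrip("Z")
    fmt = {8: "%Y%m%d", 12: "%Y%m%d%H%M", 14: "%Y%m%d%H%M%S"}[len(value)]
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def audit(text, now):
    """Inventory authorized_keys entries and flag standing, unrestricted keys."""
    report = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        opts, rest = split_options(raw.strip())
        fields = rest.split(None, 2)
        if raw.lstrip().startswith("#") or len(fields) < 2:
            continue  # comment, blank or malformed line
        options = dict(re.findall(r'([\w-]+)(?:="((?:[^"\\]|\\.)*)")?', opts))
        digest = hashlib.sha256(base64.b64decode(fields[1])).digest()
        exp = options.get("expiry-time")
        checks = [("no-expiry", exp is None), ("expired", bool(exp) and parse_expiry(exp) <= now),
                  ("any-source", "from" not in options), ("no-forced-command", "command" not in options)]
        is_ca = "cert-authority" in options  # trusts a CA's certificates, not one fixed key
        report.append({"line": lineno, "kind": "trusted-ca" if is_ca else "static-key",
                       "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
                       "flags": [] if is_ca else [name for name, hit in checks if hit]})
    return report

def _blob(seed):  # constructed ssh-ed25519 blob: 32 filler bytes, not a real key
    return base64.b64encode(b"\0\0\0\x0bssh-ed25519\0\0\0\x20" + bytes([seed]) * 32).decode()

# Constructed sample file; account names, paths and addresses are invented.
SAMPLE = f"""# authorized_keys for a service account
ssh-ed25519 {_blob(1)} vendor-svc@old-contractor
from="10.0.0.0/8",command="/usr/local/bin/backup",expiry-time="20210101" ssh-ed25519 {_blob(2)} backup job
cert-authority,principals="ops" ssh-ed25519 {_blob(3)} access CA
"""
```

Calling `audit(SAMPLE, datetime.now(timezone.utc))` returns one record per entry; the fingerprint lets the same key be matched across hosts, and the first entry is the kind of unrestricted, non-expiring key the text warns about.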

The network effect is not as simple as it used to be, because an increased number of connections in an environment adds complexity, which in turn easily creates several security issues if not managed properly. Environments with questionable security risks are not truly valuable.

PrivX is an effective means for adding secure, privileged access for many organizations that are looking to streamline their privileged access lifecycle in multi-cloud and hybrid IT environments and reduce the risks typically associated with permanent credentials. SSH.COM has been around as long as the commercial Internet has existed, helping preserve customers' networking investments with secure remote access.

SSH Guest Blogger: Jay Bretzmann

IDC, Research Director Cybersecurity Products