Managing keys to assets and data in cloud deployments have become a key concern for many organizations. As explained by Kenneth Hui, a Solutions Architect at Rubrik, paraphrasing Kerckhoffs Principle, poor key management is “like having a state of the art anti-burglar system for your home but leaving the house keys and alarm codes under the welcome mat.”
Keys provide access to countless cloud resources, from SaaS services to SSH servers. Compromised keys can be used to access encrypted data, reissue digital certificates, or even steal cars. Keys provide a great deal of security and convenience, but can become extremely dangerous in the wrong hands. We’ll explore the risks of storing cryptographic/access keys insecurely, and how you can protect yourself with Orca. At the end of the day, an improperly saved key is usually the difference between a contained incident, should one machine be breached, to a full blown data leak which makes the morning news.
The Keys to the Kingdom
At its core, a cryptographic key is a string of bytes used to decrypt data or authorize access to a resource. They allow you to secure and restrict access to cloud assets, even if those assets are accessible from a public network. However, keys commonly leak due to accidental exposures, misconfigurations, or other means. They must be stored securely so that they can be used without becoming vulnerable to attackers.
One of the top challenges in key management is verifying that in fact keys are stored ONLY where they should be. Keys can be found in several locations, including:
- File systems: keys are often stored as plain text files on servers and cloud storage buckets.
- Key Management Services (KMS): vaults such as AWS KMS, Azure Key Vault, or Google KMS can be misconfigured, exposing keys beyond the original intent.
- Source code repositories: developers may accidentally check keys into source control and push it to tools such as GitHub, GitLab, or BitBucket.
Developers also tend to leave keys in semi-hidden locations such as file archives. While these might mask keys from superficial scans, a more dedicated attacker can easily extract them and use them for lateral movement. In addition, keys have a variety of forms. A private SSH key is significantly different from a GitHub personal access token, but both could be used to wreak havoc on your applications and infrastructure.
One Small Key Can Cause Big Problems
It only takes one stolen key for an attacker to cause mayhem. For example, an exposed SSH key can give attackers access to internal servers, potentially granting access to private data or the ability to move laterally to other resources. An exposed service account key for a cloud platform can allow attackers to provision new services, control infrastructure, steal data, or perform any number of malicious actions. Any proper security strategy must assume that some assets will be breached, and ensure that if this happens, the attacker will not be able to access all of the organization crown jewels.
To build a strong defense, you need to think like an attacker. Defenders tend to think in terms of checklists, while attackers think in graphs. They find an opening and leverage it to access connected insecure resources. All it takes is one small opening, a “weak backdoor”, and a swath of other systems are immediately at risk.
The most effective way to detect insecure keys is with a comprehensive security solution like Orca Security. Orca scans your entire environment for exposed keys and not only identifies where they’re located, but which assets are put at risk as a result. We will automatically alert you when keys that can be used to perform malicious actions are detected, but haven’t yet been revoked. Time is of the essence when it comes to insecure keys and our goal is to provide you with the information you need to prevent a breach.
Securing keys is not an easy task. Like any other form of private data, keys must be managed and stored securely to prevent abuse and theft. Orca reduces the potential impact of poorly managed keys by performing in-depth scans of your environment, immediately alerting you to exposed keys, and determining which resources are placed at risk.