Securing SSH Itself with the Critical Security Controls
- Wednesday, November 18th, 2015 at 1:00 PM EST (18:00:00 UTC)
- Barb Filkins, Gavin Hill and Dave Hoelzer (Moderator)
You can now attend the webcast using your mobile device!
SSH is a de facto standard in securing communications through an encrypted link and elevating privileges, but what happens when SSH is itself not properly secured? What vulnerabilities are inherent in the protocol and how do organizations remediate them? Does the protection of the keys used by SSH affect the trust placed in this protocol? Despite the importance of SSH, organizations often neglect to pay attention to best practices related to configuration, especially in the area of adequate controls over SSH keys and key associations. One way to address this is through the Critical Security Controls.
Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the vulnerabilities of SSH and how the Critical Security Controls provide a roadmap to remediating those flaws.
Please send questions about this webcast to email@example.com.
View the associated whitepaper here.
Barbara Filkins, a senior SANS analyst who holds the CISSP and SANS GSEC (Gold), GCIH (Gold), GSLC (Gold), GCCC (Gold), GCPM (Silver) and GLEG (Gold) certifications, has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. She is deeply involved with HIPAA security issues in the health and human services industry, with clients ranging from federal agencies (Department of Defense and Department of Veterans Affairs) to municipalities and commercial businesses. Barbara focuses on issues related to automation--privacy, identity theft and exposure to fraud, as well as the legal aspects of enforcing information security in today's mobile and cloud environments.
With over a 15 years of experience in product development and product marketing in the cyber security space, Gavin Hill has been responsible for helping enterprises identify where they are at risk and leading the strategy for products that mitigate the risks related to evolving cyber threats. At Venafi he is responsible for the threat intelligence, focusing on Next-Generation Trust Protection and product marketing.
David Hoelzer is a SANS fellow instructor, courseware author and dean of faculty for the SANS Technology Institute. In addition to bringing the GIAC Security Expert certification to life, he has held practically every IT and security role during his career. David is a research fellow in the Center for Cybermedia Research, the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC), and the Internet Forensics Lab. Currently, David serves as the principal examiner and director of research for a New York/Las Vegas-based incident response and forensics company and is the chief information security officer for an open source security software solution provider.