This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

SSH Communications Security to release free assessment tool

Share this article:

SSH Communications Security has announced a free tool to scan and assess networks to provide a report on risk and compliance exposures in secure shell (SSH) environments.

Named the SSH Risk Assessor (SRA), the company claimed that it identifies an organisation's compliance status with relevant standards, assesses actions needed to achieve compliance and provides an understanding of the current state of the SSH environment.

According to the company, the free tool enables internal and external audit and security teams to collect SSH key information across the environment and provide an assessment of risk exposure. The tool highlights known vulnerabilities in the environment, basic statistics on SSH keys deployed and specific violations of current best practices.

Tatu Ylönen, CEO and founder of SSH Communications Security, told SC Magazine that the current state of SSH key management is so bad that it is currently welcoming comment on its draft document around best practice for this technology.

He said: “SRA provides an easy way for enterprises and government agencies to determine if there are risk and compliance issues with respect to who has access to what information in their SSH environment.”

He said that this will create a script to run on each server to analyse it and build a picture of the servers to let users know how many keys they have and help them build a remediation project.

“It is a free tool to show what your situation is without having to make any modifications to your systems,” he said. “It is free now to auditors and eventually we will make it free to everyone.” 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...