
Support
The LogJam attack against the TLS protocol allows a man-in-the-middle attacker to downgrade a TLS connection such that it uses weak cipher suites (known as export cipher suites). More precisely, the attack forces a Diffie-Hellman (DH) key exchange based on a weak group. A group (multiplicative group modulo p where p is prime) is considered weak if the defining prime has a low bit length.
Many key exchange protocol implementations, including those for TLS, utilize publicly known DH groups such as the Oakley groups used for IKE. The disadvantage of employing a publicly known group is that an attacker may already have precomputed information that helps in breaking an instance of a DH key exchange relying on that group. To impede precomputation attacks, TLS implementations typically enable the configuration of unique DH groups on the server-side.
The DH key exchange protocol is not only used as part of the TLS protocol but for many other protocols including the SSH protocol. While there are test tools (e.g. the web tool from the LogJam authors or the command-line openssl tool) which check whether the LogJam vulnerability exists for TLS-based services, there are currently no test tools available for SSH.
In contrast to TLS, the SSH protocol (defined in RFC 4253) does not support export cipher suites and does not suffer from a known design flaw that enables cipher suite downgrade attacks. The SSH protocol specification requires implementations to support at the least the following two DH key exchange methods:
Both methods use an Oakley group; the first method uses the Oakley Group 2 of size 1024 bits and the second method uses the Oakley Group 14 of size 2048 bits.
The authors of the LogJam paper envision that it may be possible for nation states to break 1024-bit groups. Therefore, the authors recommend disabling diffie-hellman-group1-sha1 on the server-side. For example, OpenSSH allows for enabling key exchange methods through the parameter KexAlgorithms in the server configuration file. The configuration file is typically located at /etc/ssh/sshd_config.This method is also expected to be disabled by default in the imminent OpenSSH 7.0 release.
Besides the two discussed DH key exchange protocols, many SSH clients and servers implement the two additional DH group exchange methods from RFC 4419:
When using either of these methods the SSH client starts the exchange protocol by proposing a minimal, preferred, and maximal group size in bits. The server then picks “a group that best matches the client’s request”. However, RFC 4419 leaves open how the server makes this choice. Therefore, the chosen group size is implementation-dependent. Finally, the client and server execute the DH protocol to exchange a key.
The authors of the LogJam paper recommend using ECDH or generating large, unique DH groups on the server for the DH group exchange protocols. For the OpenSSH server implementation, they provide the following commands that generate unique 2048-bit DH groups:
The file moduli-2048 is then used to replace the system SSH moduli file, typically /etc/ssh/moduli.
The DH key exchange protocol parameters that the client and server end up using depend on both the client and server configuration. As explained in RFC 4253, both the client and server propose a list of supported key exchange algorithms (in this context, the terms protocol and algorithm are interchangeable), ordered by preference where the first algorithm is the most preferred. In simple terms, if the client and server do not prefer the same suitable algorithm, the client and server iterate over the client’s key algorithm list and choose the first algorithm that both sides support and that is compatible with the other algorithms that SSH relies upon.
We present a tool to identify whether an SSH server configuration permits the use of a weak DH key exchange group. To determine whether an SSH client is able to exchange a key using a weak DH group, our tool attempts to connect to the server with specific client configurations. The configuration parameters include the key exchange algorithm and the minimum, preferred, and maximum group sizes. While we provide diverse test configurations, it is straightforward to add new configurations or modify the existing ones. Furthermore, the user may configure additional client parameters such as the list of preferred encryption and MAC algorithms.
Our tool can actually be considered a tool chain consisting of three components: a shell script, a patched OpenSSH client, and a Python based analysis script. The shell script we provide allows for enumerating all user-specified configurations. This script uses an OpenSSH client that has been patched to abort the network connection after completing the key exchange. Consequently, this client does not attempt to authenticate to the server. Moreover, our OpenSSH client patch allows for specifying the minimum, preferred, and maximum group size in bits through the command-line option -d (mnemonic: Diffie-Hellman). The adapted client prints important information regarding the DH key exchange. The shell script then stores this output in files. To analyze these files we provide a Python script. The shell script automatically launches this analysis script. However, it is also possible to run the analysis script later on the output files.
We chose the OpenSSH client, since it is a widely used open source SSH client implementing an extensive set of features. Moreover, these features are easy to configure using a configuration file or command-line options. In particular, we patch the latest stable version of the portable OpenSSH client (OpenSSH 6.9p1). Testing was conducted on Ubuntu 14.04 and Mac OS X Yosemite.
In the following example, we run our tool against an OpenSSH 6.6.1p1 server as it is shipped with Ubuntu 14.04, i.e. the server uses the default configuration.
To run our tool, we specify the host where the server is running and optionally specify the port number (defaults to 22).
KEX proposal client: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
KEX proposal server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
KEX algorithm chosen: [email protected]
——— SNIP ———
KEX proposal client: diffie-hellman-group-exchange-sha256
KEX proposal server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
KEX algorithm chosen: diffie-hellman-group-exchange-sha256
KEX client group sizes: min = 768, nbits = 768, max = 768
Connection closed by 127.0.0.1
KEX proposal client: diffie-hellman-group-exchange-sha256
KEX proposal server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
KEX algorithm chosen: diffie-hellman-group-exchange-sha256
KEX client group sizes: min = 1024, nbits = 1024, max = 1024
KEX server-chosen group size in bits: 1024
——— SNIP ———
KEX proposal client: diffie-hellman-group-exchange-sha256
KEX proposal server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
KEX algorithm chosen: diffie-hellman-group-exchange-sha256
KEX client group sizes: min = 2048, nbits = 2048, max = 2048
KEX server-chosen group size in bits: 2048
——— SNIP ———
The client proposed the following group size parameters (in bits): min=1024, nbits=1024, max=1024.
The client and server negotiated a group size of 1024 using diffie-hellman-group-exchange-sha1.
The security level is INTERMEDIATE (might be feasible to break for nation-states).
——— SNIP ———
The client proposed the following group size parameters (in bits): min=2048, nbits=2048, max=2048.
The client and server negotiated a group size of 2048 using diffie-hellman-group-exchange-sha256.
The security level is STRONG.
The trimmed output above shows that the server supports the [email protected] key exchange algorithm. Moreover, we can observe that the server closes the connection when the client requests a 768-bit group in conjunction with the diffie-hellman-group-exchange-sha256 algorithm. Another interesting finding from the output above is that the server permits DH key exchanges using a 1024-bit group. While a 1024-bit group is sufficient in many environments, attackers with nation-state size resources may be able to break the key exchange. If a higher level of security is needed a server administrator could reconfigure the SSH server and rerun our tool to validate that the configuration is as desired.
We presented a tool which establishes multiple connections to an SSH server, thereby enumerating through various client configurations, in order to determine whether the server allows a DH key exchange based on a weak group. We hope that our tool will be useful to check SSH servers for weak DH key exchange configurations.
The source code to the tool can be found on our Github repository:
Support
Capability Overview
Cyber Resilience
Product / Service
Penetration Testing Services
About Cyber Solutions:
Cyber security services are offered by Stroz Friedberg Inc., its subsidiaries and affiliates. Stroz Friedberg is part of Aon’s Cyber Solutions which offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.
General Disclaimer
This material has been prepared for informational purposes only and should not be relied on for any other purpose. You should consult with your own professional advisors or IT specialists before implementing any recommendation, following any of the steps or guidance provided herein. Although we endeavor to provide accurate and timely information and use sources that we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Stay in the loop on today's most pressing cyber security matters.
View AllCyber Labs 17 mins
Maximizing value: How companies and pentesters can achieve more togetherCyber Labs 7 mins
DNSForge – Relaying with ForceCyber Labs 14 mins
We’re All in This Together: The Case for Purple TeamingCyber Labs 7 mins
Parsing ESXi Logs for Incident Response with QELPCyber Labs 5 mins
Parsing Jenkins Configuration Files for Forensics and FunCyber Labs 10 mins
Emerging Risks in Third-Party AI Solutions and How to Help Address ThemCyber Labs 20 mins
Unveiling the Dark Side: Common Attacks and Vulnerabilities in Industrial Control SystemsCyber Labs 9 mins
Mounted Guest EDR BypassCyber Labs 6 mins
Optimizing Your Cyber Resilience Strategy Through CISO and CRO ConnectivityCyber Labs 9 mins
Bypassing EDR through Retrosigned Drivers and System Time ManipulationCyber Labs 10 mins
DNSForge – Responding with ForceCyber Labs 7 mins
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev RulesCyber Labs 3 mins
Command Injection and Path Traversal in StoneFly Storage ConcentratorCyber Labs 7 mins
Adopt an AI Approach with Confidence, for CISOs and CIOsCyber Labs 3 mins
Responding to the CrowdStrike Outage: Implications for Cyber and Technology ProfessionalsCyber Labs 10 mins
DUALITY Part II - Initial Access and Tradecraft ImprovementsCyber Labs 17 mins
Cracking Into Password RequirementsCyber Labs 57 mins
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding ControlCyber Labs 7 mins
Restricted Admin Mode – Circumventing MFA On RDP LogonsCyber Labs 9 mins
Detecting “Effluence”, An Unauthenticated Confluence Web ShellReady to Explore Further?
Sign up to receive updates on the latest events, insights, news and more from our team.
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Podcast 23 mins
Better Being Series: Understanding Burnout in the WorkplacePodcast 14 mins
Better Being Series: Why Nutrition MattersPodcast 10 mins
Better Being Series: Discover the ‘Blue Zones’ Where People Live LongerPodcast 20 mins
Better Being Series: Improving Your Financial WellbeingPodcast 17 mins
Better Being Series: Are You Taking Care of Your Digital Wellbeing?Podcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s HealthPodcast 29 mins
On Aon’s Better Being Series: The World Wellbeing MovementPodcast 28 mins
On Aon’s Better Being Series: Mental Health and Creating Kinder CulturesPodcast 25 mins
On Aon’s Better Being Series: Managing Loss and GriefPodcast 24 mins
On Aon’s Better Being Series: Measuring WellbeingPodcast 25 mins
On Aon’s Better Being Series: Physical Wellbeing and ResiliencePodcast 24 mins
On Aon’s Better Being Series: Human SustainabilityExpert Views on Today's Risk Capital and Human Capital Issues
Article 8 mins
Thriving in an Interconnected World: How the C-Suite Embraces UncertaintyArticle 6 mins
Powering Progress: Collaborating to Build a Sustainable Future in Emerging MarketsArticle 5 mins
Building Business Resilience: Key Steps to Effectively Integrate Risk Management Across Your OrganisationArticle 7 mins
Why Humans Are the Essential Factor in the Success of Artificial Intelligence (AI)Article 5 mins
Leveraging Research and Expertise to Strengthen Your HR Strategy for 2025 and BeyondArticle 5 mins
Managing Risk on the Energy Transition JourneyArticle 7 mins
The Role of Risk Management in the Age of Generative Artificial IntelligenceArticle 7 mins
Finding A Way In Asia Pacific's New Economic RealityArticle 4 mins
Three Ways to Boost Value from Benefits: APAC Insights from LinkedInExpert Views on Today's Risk Capital and Human Capital Issues
Expert Views on Today's Risk Capital and Human Capital Issues
Article 2 mins
Introduction: Clarity and Confidence to Make Better DecisionsArticle 2 mins
The Age of Rising Resilience – An Economic OutlookArticle 3 mins
Building Resilience Against the Constant Cyber ThreatArticle 2 mins
Making Better Decisions – A Treasurer’s PerspectiveArticle 2 mins
How to Balance the Conflicting Forces of Efficiency, Performance and WellbeingArticle 3 mins
Seizing the Opportunity: Building a Comprehensive Approach to Risk TransferArticle 2 mins
Tapping New Markets to Unlock Deal ValueArticle 5 mins
The Rise of the Skills-Based OrganisationArticle 2 mins
Creating a Fair and Equitable Workforce for EveryoneArticle 3 mins
The Year of the Vote: How Geopolitical Volatility Will Impact BusinessesArticle 2 mins
The Aon DifferenceBetter Decisions Across Interconnected Risk and People Issues.
Article 3 mins
Acknowledging Our Complex RealityArticle 10 mins
Trade in a Technology-Driven FutureArticle 9 mins
How AI and Workforce will Intersect: Navigating Risks and OpportunitiesArticle 8 mins
Weather and Workforce: Employers Must Quantify the RiskArticle 9 mins
Steering Trade and Supply Chains Amid Weather ChallengesReport 13 mins
Trade Issues Confront Global Businesses on Multiple FrontsReport 19 mins
Technology is Driving Firms to Harness Opportunities and Defend Against ThreatsReport 19 mins
Climate Analytics Unlock Capital to Protect People and PropertyReport 14 mins
A Workforce in Transition Prepares to Meet a Host of ChallengesThe construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Article 8 mins
How North American Construction Contractors Can Mitigate Emerging RisksArticle 7 mins
Managing Construction Risks: 7 Risk Advisory StepsArticle 7 mins
Unlocking Capacity and Capital in a Challenging Construction Risk MarketArticle 7 mins
Protecting North American Contractors from Extreme Heat Risks with ParametricArticle 5 mins
How Climate Modeling Can Mitigate Risks and Improve Resilience in the Construction IndustryReport 1 mins
Construction Risk Management Europe Report 2023Article 8 mins
Parametric Can Help Mitigate Extreme Heat Risks for Contractors in EMEAArticle 9 mins
How the Construction Industry is Navigating Climate ChangeArticle 11 mins
Top Risks Facing Construction and Real Estate OrganizationsStay in the loop on today's most pressing cyber security matters.
Cyber Labs 17 mins
Maximizing value: How companies and pentesters can achieve more togetherCyber Labs 7 mins
DNSForge – Relaying with ForceCyber Labs 14 mins
We’re All in This Together: The Case for Purple TeamingCyber Labs 7 mins
Parsing ESXi Logs for Incident Response with QELPCyber Labs 5 mins
Parsing Jenkins Configuration Files for Forensics and FunCyber Labs 10 mins
Emerging Risks in Third-Party AI Solutions and How to Help Address ThemCyber Labs 20 mins
Unveiling the Dark Side: Common Attacks and Vulnerabilities in Industrial Control SystemsCyber Labs 9 mins
Mounted Guest EDR BypassCyber Labs 6 mins
Optimizing Your Cyber Resilience Strategy Through CISO and CRO ConnectivityCyber Labs 9 mins
Bypassing EDR through Retrosigned Drivers and System Time ManipulationCyber Labs 10 mins
DNSForge – Responding with ForceCyber Labs 7 mins
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev RulesCyber Labs 3 mins
Command Injection and Path Traversal in StoneFly Storage ConcentratorCyber Labs 7 mins
Adopt an AI Approach with Confidence, for CISOs and CIOsCyber Labs 3 mins
Responding to the CrowdStrike Outage: Implications for Cyber and Technology ProfessionalsCyber Labs 10 mins
DUALITY Part II - Initial Access and Tradecraft ImprovementsCyber Labs 17 mins
Cracking Into Password RequirementsCyber Labs 57 mins
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding ControlCyber Labs 7 mins
Restricted Admin Mode – Circumventing MFA On RDP LogonsCyber Labs 9 mins
Detecting “Effluence”, An Unauthenticated Confluence Web ShellOur Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Article 8 mins
Cyber and E&O Market Conditions Remain Favorable Amid Emerging Global RisksArticle 7 mins
How to Navigate AI-Driven Cyber RisksArticle 9 mins
Building Resilience in a Buyer-Friendly Cyber and E&O MarketArticle 11 mins
A Middle Market Roadmap for Cyber ResilienceArticle 7 mins
Lessons Learned from the CrowdStrike Outage: 5 Strategies to Build Cyber ResilienceArticle 8 mins
Responding to Cyber Attacks: How Directors and Officers and Cyber Policies DifferArticle 7 mins
Why Now is the Right Time to Customize Cyber and E&O ContractsArticle 6 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware AttacksArticle 7 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling GloballyArticle 5 mins
Managing Cyber Risk through Return on Security InvestmentArticle 10 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from InsideArticle 9 mins
Why HR Leaders Must Help Drive Cyber Security AgendaArticle 10 mins
Escalating Cyber Security Risks Mean Businesses Need to Build ResilienceOur Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Article 8 mins
Employer Strategies for Cancer Prevention and TreatmentArticle 6 mins
The Long-Term Care Conundrum in the United StatesArticle 9 mins
Developing a Paid Leave Strategy That Supports Workers and Their FamiliesArticle 9 mins
4 Ways to Foster a Thriving Workforce Amid Rising Health CostsArticle 9 mins
The Next Evolution of Wellbeing is About PerformanceArticle 6 mins
Three Ways Collective Retirement Plans Support HR PrioritiesArticle 9 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at WorkPodcast 13 mins
On Aon Podcast: The Future of Healthcare: Key Factors Impacting Medical Trend RatesArticle 7 mins
Making Wellbeing Part of a Company’s DNAArticle 7 mins
A Comprehensive Approach to Financial WellbeingExplore Aon's latest environmental social and governance (ESG) insights.
Podcast 16 mins
On Aon Podcast: Approach to DE&I in the WorkplaceOur Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Article 12 mins
Q4 2023: Global Insurance Market OverviewArticle 13 mins
Top Risk Trends to Watch in 2024How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Article 12 mins
Top Risks Facing Organizations in Asia PacificArticle 12 mins
Top Risks Facing Organizations in North AmericaArticle 10 mins
Top Risks Facing Organizations in EuropeArticle 8 mins
Top Risks Facing Organizations in Latin AmericaArticle 8 mins
Top Risks Facing Organizations in the Middle East and AfricaArticle 9 mins
Top Risks Facing Organizations in the United KingdomOur Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Article 35 mins
5 Human Resources Trends to Watch in 2025Article 13 mins
Medical Rate Trends and Mitigation Strategies Across the GlobeArticle 9 mins
3 Strategies to Help Avoid Workers Compensation Claims LitigationPodcast 15 mins
On Aon Podcast: Using Data and Analytics to Improve Health OutcomesArticle 14 mins
How Technology Will Transform Employee Benefits in the Next Five YearsPodcast 18 mins
On Aon Podcast: Technology Impacting the Future of Health and BenefitsArticle 8 mins
Integrating Workforce Data to Uncover Hidden InsightsPodcast 24 mins
On Aon’s Better Being Series: Measuring WellbeingArticle 11 mins
Designing Tomorrow: Personalizing EVP, Benefits and Total RewardsExplore our hand-picked insights for human resources professionals.
Article 7 mins
COVID-19 has Permanently Changed the Way We Think About WellbeingArticle 7 mins
DE&I in Benefits Plans: A Global PerspectiveArticle 10 mins
How Data and Analytics Can Optimize HR ProgramsArticle 9 mins
Why HR Leaders Must Help Drive Cyber Security AgendaArticle 7 mins
Case Study: The LPGA Unlocks Talent Potential with DataArticle 11 mins
Navigating the New EU Directive on Pay TransparencyArticle 4 mins
How to Design Better Talent Assessment to Promote DE&IArticle 6 mins
Training and Transforming Managers for the Future of WorkArticle 7 mins
Rethinking Your Total Rewards Programs During Mergers and AcquisitionsArticle 14 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across IndustriesOur Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Article 35 mins
5 Human Resources Trends to Watch in 2025Article 19 mins
3 Strategies to Promote an Inclusive Environment and Bridge the Gender GapReport 14 mins
A Workforce in Transition Prepares to Meet a Host of ChallengesArticle 8 mins
2025 Salary Increase Planning TipsArticle 8 mins
Employer Strategies for Cancer Prevention and TreatmentArticle 12 mins
Understanding and Preparing for the Rise in Pay TransparencyPodcast 12 mins
Better Being Series: Building Sustainable Performance in a Multi-Generational WorkforceArticle 7 mins
Key Trends in U.S. Benefits for 2025 and BeyondArticle 8 mins
Pay Transparency Can Lead to Better Equity Across BenefitsArticle 17 mins
3 Strategies to Improve Career Outcomes for Older EmployeesArticle 9 mins
Developing a Paid Leave Strategy That Supports Workers and Their FamiliesArticle 9 mins
4 Ways to Foster a Thriving Workforce Amid Rising Health CostsOur Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Article 8 mins
Exit Strategy Value Creation Opportunities Exist as Economic Pressures PersistArticle 5 mins
Future Trends for Financial Sponsors: Secondary TransactionsArticle 7 mins
3 Ways to Unlock M&A Value in a Challenging Credit EnvironmentArticle 7 mins
Rethinking Your Total Rewards Programs During Mergers and AcquisitionsArticle 9 mins
Organizational Design and Talent Planning are Key to M&A SuccessArticle 7 mins
An Ever-Complex Global Tax Environment Requires Strong M&A Risk SolutionsArticle 6 mins
Project Management for HR: The Secret Behind a Successful M&A DealArticle 9 mins
Cultural Alignment Planning Drives M&A SuccessReport 1 mins
A Guide to Maximizing Value in Post-Merger IntegrationsReport 2 mins
The ABC's of Private Equity M&A: Deal Flow Impacts of Al, Big Tech and Climate ChangeArticle 11 mins
The Silver Lining on M&A Deal Clouds: M&A Insurance Insights from 2023How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Article 10 mins
How Public Entities and Businesses Can Use Parametric for Emergency FundingArticle 6 mins
Parametric Insurance: A Complement to Traditional Property CoverageArticle 8 mins
Using Parametric Insurance to Match Capital to Climate RiskArticle 6 mins
Using Parametric Insurance to Close the Earthquake Protection GapArticle 5 mins
How Technology Enhancements are Boosting ParametricOur Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Article 19 mins
3 Strategies to Promote an Inclusive Environment and Bridge the Gender GapReport 1 mins
The 2024 North America Pay Transparency Readiness StudyArticle 10 mins
How Financial Institutions can Prepare for Pay Transparency LegislationArticle 8 mins
Pay Transparency Can Lead to Better Equity Across BenefitsArticle 12 mins
Understanding and Preparing for the Rise in Pay TransparencyPodcast 14 mins
On Aon Podcast: Understanding Pay Transparency RegulationsArticle 11 mins
Navigating the New EU Directive on Pay TransparencyArticle 7 mins
To Disclose Pay or Not? How Companies are Approaching the Pay Transparency MovementPodcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s HealthArticle 11 mins
Advancing Women’s Health and Equity Through Benefits and SupportForecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Article 8 mins
Florida Hurricanes Not Expected to Adversely Affect Property MarketArticle 10 mins
Build Resilience for an Extremely Active Atlantic Hurricane SeasonArticle 6 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening MarketPodcast 16 mins
On Aon Podcast: Navigating and Preparing for CatastrophesArticle 6 mins
Parametric Insurance: A Complement to Traditional Property CoverageArticle 6 mins
Navigating Climate Risk Using Multiple Models and Data SetsArticle 5 mins
Rising Losses From Severe Convection Storms Mostly Explained by Exposure GrowthArticle 6 mins
Using Parametric Insurance to Close the Earthquake Protection GapOur Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Article 23 mins
The AI Data Center Boom: Strategies for Sustainable Growth and Risk ManagementArticle 7 mins
How Technology is Transforming Open Enrollment in the U.S.Article 15 mins
Navigating Cyber Risks in EMEA: Key Insights for 2025Article 7 mins
How to Navigate AI-Driven Cyber RisksArticle 16 mins
How Artificial Intelligence is Transforming Human Resources and the WorkforceReport 19 mins
Technology is Driving Firms to Harness Opportunities and Defend Against ThreatsAlert 3 mins
Better Decisions Brief: Perspectives on the CrowdStrike OutagePodcast 9 mins
On Aon Podcast: How has CrowdStrike Changed the Cyber Market?Article 12 mins
5 Ways Artificial Intelligence can Boost Claims ManagementArticle 12 mins
Navigating AI-Related Risks: A Guide for Directors and OfficersArticle 5 mins
How Technology Enhancements are Boosting ParametricArticle 9 mins
How to Futureproof Data and Analytics Capabilities for ReinsurersTrade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Article 7 mins
Cyber Attack or Data BreachArticle 4 mins
Business InterruptionArticle 4 mins
Economic Slowdown or Slow RecoveryArticle 5 mins
Failure to Attract or Retain Top TalentArticle 5 mins
Regulatory or Legislative ChangesArticle 4 mins
Supply Chain or Distribution FailureArticle 6 mins
Commodity Price Risk or Scarcity of MaterialsArticle 4 mins
Damage to Brand or ReputationArticle 5 mins
Failure to Innovate or Meet Customer NeedsArticle 4 mins
Increasing CompetitionReport 3 mins
Business Decision Maker SurveyOur Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
Podcast 9 mins
Special Edition: Global Trade and its Impact on Supply ChainArticle 8 mins
The Evolving Threat of Cargo Theft: 5 Key Mitigation StrategiesReport 3 mins
Global Risk Management SurveyReport 13 mins
Trade Issues Confront Global Businesses on Multiple FrontsArticle 6 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening MarketArticle 14 mins
Cutting Supply Chains: How to Achieve More Reward with Less RiskArticle 9 mins
Driving Private Equity Value Creation Through Credit SolutionsArticle 7 mins
4 Steps to Help Take Advantage of a Buyer-Friendly Directors' & Officers' MarketArticle 9 mins
Managing Reputational Risks in Global Supply ChainsArticle 6 mins
How an Outsourced Chief Investment Officer Can Help Improve Governance and Manage ComplexityArticle 8 mins
Decarbonizing Your Business: Finding the Right Insurance and StrategyArticle 8 mins
Reputation Analytics as a Leading Indicator of ESG RiskWith a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Podcast 9 mins
On Aon Podcast: Climate Impact on the Property and Casualty MarketAlert 14 mins
L.A. Wildfires Highlight Urgent Need for Employee Support and Business ResilienceReport 19 mins
Climate Analytics Unlock Capital to Protect People and PropertyReport 2 mins
Climate and Catastrophe InsightArticle 10 mins
How Public Entities and Businesses Can Use Parametric for Emergency FundingPodcast 12 mins
On Aon Podcast: Tackling Climate Risk to Build Economic ResilienceArticle 8 mins
Understanding Freeze Risk in a Changing ClimatePodcast 9 mins
On Aon Podcast: Climate Science Through Academic CollaborationArticle 6 mins
How Companies Are Using Climate Modeling to Improve Risk DecisionsArticle 8 mins
Using Parametric Insurance to Match Capital to Climate RiskArticle 9 mins
How the Construction Industry is Navigating Climate ChangeArticle 9 mins
Record Heatwaves: Protecting Employee Health and SafetyOur Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
Article 4 mins
Using Data to Close Workforce Gaps in Financial InstitutionsArticle 5 mins
Using Data to Close Workforce Gaps in Retail CompaniesArticle 7 mins
Using Data to Close Workforce Gaps in Technology CompaniesArticle 5 mins
Using Data to Close Workforce Gaps in Manufacturing CompaniesArticle 6 mins
Using Data to Close Workforce Gaps in Life Sciences CompaniesReport 4 mins
Measure Workforce Resilience for Better Business OutcomesPodcast 18 mins
On Aon Podcast: Methodology to Predict Employee Performance for the LPGAArticle 6 mins
Training and Transforming Managers for the Future of WorkArticle 14 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across IndustriesYou will soon receive an email to verify your email address. Please click on the link included in this note to complete the subscription process, which also includes providing consent in applicable locations and an opportunity to manage your email preferences.
Article
Article
Your request is being reviewed so we can align you to the best resources on our team. In the meantime, we invite you to explore some of our latest insights below.
Article
Article
If you encounter an issue, use the link below to start a new download.
Download Now