Re: Telnet Security Question for a Router.

From: Chris Berry (compjma@hotmail.com)
Date: 12/12/02

    From: "Chris Berry" <compjma@hotmail.com>
    To: security-basics@securityfocus.com
    Date: Thu, 12 Dec 2002 11:14:54 -0800
    
    

    >From: "Tony Toni" <tony572000@hotmail.com>
    >We were currently written up by our external auditors because we use telnet
    >to access all of our routers. In some cases we use a filtered Telnet
    >service...but that is not the normal practice. We are a fairly good size
    >company with about 1000+ routers.
    >
    >I am charged with coordinating a response to the auditors. I know all of
    >the security issues involved with Telnet...i.e. login id and password sent
    >across the network in clear text, etc. My question: Is it possible to
    >use SSH or CISCO TACACS+ to encrypt the entire Telnet session? Is there a
    >way to ensure no one can sniff the login id and password? The Network
    >Services Group is adamant that neither SSH nor CISCO TACACS+ will work on a
    >router to correct the security issue.

    Well, you could use SSL or VPN to create a secure tunnel for the Telnet
    session, but SSH would be a much better choice; it's designed for that sort
    of thing. SSH works on most quality routers. What brand(s) do you have?

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "Live dangerously, overclock your servers."
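
For a fleet the size described in the question, a first step in answering the auditors is an inventory of which remote-access lines still accept Telnet. The following is an added example, not part of the original posts: it assumes Cisco IOS-style configuration syntax (the thread does not state the router brand), and the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed platform, not from the thread).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
line con 0
 exec-timeout 5 0
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
 transport input ssh
line vty 16 20
 login local
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+(?: \d+)?)\s*$")
TRANSPORT_RE = re.compile(r"^\s+transport input (.+?)\s*$")

def classify(protocols):
    """Map the set of allowed inbound protocols to an audit verdict."""
    if protocols is None:
        return "unspecified"      # platform default applies; review by hand
    if protocols & {"telnet", "all"}:
        return "telnet-enabled"   # credentials cross the network in clear text
    return "no-telnet"

def audit_vty_transport(config_text):
    """Return [(vty_range, verdict)] for every 'line vty' block in a config."""
    blocks, in_vty = [], False
    for line in config_text.splitlines():
        if not line.startswith(" "):          # top-level line ends any open block
            m = VTY_RE.match(line)
            in_vty = bool(m)
            if m:
                blocks.append([m.group(1), None])
            continue
        t = TRANSPORT_RE.match(line)
        if in_vty and t:                      # sub-command inside a vty block
            blocks[-1][1] = set(t.group(1).split())
    return [(rng, classify(protos)) for rng, protos in blocks]

if __name__ == "__main__":
    for rng, verdict in audit_vty_transport(SAMPLE_CONFIG):
        print(f"line vty {rng}: {verdict}")
```

Lines reported as `unspecified` carry no explicit `transport input` statement, so what they accept depends on the software version's default and should be checked on the device.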



