Re: Telnet Security Question for a Router.

From: Chris Berry (
Date: 12/12/02

    From: "Chris Berry" <>
    Date: Thu, 12 Dec 2002 11:14:54 -0800

    >From: "Tony Toni" <>
    >We were currently written up by our external auditors because we use telnet
    >to access all of our routers. In some cases we use a filtered Telnet
    >service...but that is not the normal practice. We are a fairly good size
    >company with about 1000+ routers.
    >I am charged with coordinating a response to the auditors. I know all of
    >the security issues involved with login id and password sent
    >across the network in clear text, etc. My question: Is it possible to
    >use SSH or CISCO TACACS+ to encrypt the entire Telnet session? Is there a
    >way to ensure no one can sniff the login id and password? The Network
    >Services Group is adamant that neither SSH nor CISCO TACACS+ will work on a
    >router to correct the security issue.

    Well, you could use SSL or VPN to create a secure tunnel for the Telnet
    session, but SSH would be a much better choice, it's designed for that sort
    of thing. SSH works on most quality routers, what brand(s) do you have?

    Chris Berry
    Systems Administrator
    JM Associates

    "Live dangerously, overclock your servers."
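
For a fleet the size described in the question, a first step toward answering the auditors is knowing which routers still accept Telnet on their remote-login lines. The following is an added example, not part of the original thread: it assumes Cisco IOS-style `line vty` / `transport input` syntax (the thread never states the router brand), and the hostnames and configs are constructed.

```python
import re

# Constructed sample configs (not from the thread); IOS-style syntax is an assumption.
SAMPLE_CONFIGS = {
    "rtr-a": "hostname rtr-a\nline vty 0 4\n login local\n transport input telnet\n"
             "line vty 5 15\n transport input ssh\n",
    "rtr-b": "hostname rtr-b\nline vty 0 4\n transport input ssh\n",
    "rtr-c": "hostname rtr-c\nline vty 0 4\n login local\n",
}
ACCEPTABLE = {"ssh-only", "disabled"}

def audit_vty(config):
    """Return {vty_range: verdict} for every 'line vty' stanza in a config."""
    results, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            current = "vty " + " ".join(g for g in m.groups() if g)
            # No transport line seen yet; the default depends on the
            # software release, so it is reported for manual review.
            results[current] = "unspecified"
        elif not raw.startswith(" "):
            current = None  # a new top-level command ends the stanza
        elif current:
            t = re.match(r"\s+transport input (.+)$", raw)
            if t:
                protos = set(t.group(1).split())
                if protos & {"telnet", "all"}:
                    results[current] = "telnet-allowed"
                elif protos == {"ssh"}:
                    results[current] = "ssh-only"
                elif protos == {"none"}:
                    results[current] = "disabled"
                else:
                    results[current] = "other:" + " ".join(sorted(protos))
    return results

def audit_fleet(configs):
    """Map hostname -> vty ranges that are not provably SSH-only or disabled."""
    return {host: sorted(r for r, v in audit_vty(cfg).items() if v not in ACCEPTABLE)
            for host, cfg in configs.items()}

if __name__ == "__main__":
    for host, bad in audit_fleet(SAMPLE_CONFIGS).items():
        print(host, "OK" if not bad else "REVIEW: " + ", ".join(bad))
```

Run against saved configuration backups, this gives a per-router list of lines to convert to SSH and a way to show the auditors when none remain.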
