Re: Telnet Security Question for a Router.

From: Chris Berry (compjma@hotmail.com)
Date: 12/12/02

    From: "Chris Berry" <compjma@hotmail.com>
    To: security-basics@securityfocus.com
    Date: Thu, 12 Dec 2002 11:14:54 -0800
    
    

    >From: "Tony Toni" <tony572000@hotmail.com>
    >We were currently written up by our external auditors because we use telnet
    >to access all of our routers. In some cases we use a filtered Telnet
    >service...but that is not the normal practice. We are a fairly good size
    >company with about 1000+ routers.
    >
    >I am charged with coordinating a response to the auditors. I know all of
    >the security issues involved with Telnet...i.e., login id and password sent
    >across the network in clear text, etc. My question: Is it possible to
    >use SSH or CISCO TACACS+ to encrypt the entire Telnet session? Is there a
    >way to ensure no one can sniff the login id and password? The Network
    >Services Group is adamant that neither SSH nor CISCO TACACS+ will work on a
    >router to correct the security issue.

    Well, you could use SSL or VPN to create a secure tunnel for the Telnet
    session, but SSH would be a much better choice; it's designed for that sort
    of thing. SSH works on most quality routers, what brand(s) do you have?

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "Live dangerously, overclock your servers."
