Thursday, 20. May 2010
—Caution: Below you will find what some may term as a rant.—
Telnet- (TErminaL NETwork) is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility via a virtual terminal connection. (Wikipedia)
English translation: Telnet, a simple way to connect one computer to another. Great for command line work.
Now what is my beef with Telnet? Nothing.. My beef is with the implementations of telnet. Telnet is an “in the clear” communication. That means that data transmited over a telnet connection is sent with no encryption, no obfuscation, and no joy…
What is telnet commonly used for you might ask? In computing environments you will see telnet used as a remote command line access system. Administrators and users alike log into servers across the network, and perform what ever tasks required.
You can probably see the issue I am getting at, and thousands of security professionals before me have gotten at… An administrator, with root access, logs into a server using telnet. Their credentials (username/password) are sent in plaintext. Someone sniffing packets on the network has a chance to grab those credentials. Now your administrative access has been owned.
But Josh, I’m on a switched network, packet sniffers can’t get my traffic, that would only work on a hub or wireless. A good observation, but not true. Your switched network offers a little protection against it, but is not difficult to get around .
So what does this mean? Is the worlded doomed to telnet horror?
There is a simple solution my friends.. not elegant, not bulletproof, but better than telnet. A simple SSH connection. It does require a ssh server on one side of the connection and a ssh capable client on the other, but the encryption benefits far out way the small cost (cpu cycles wise) in most cases.
So, the next time you find yourself typing the word telnet… stop and think.. Do I really need to use telnet? Or can I move into the 21st century and enter the SSH world.