Telnet



next up previous contents
Next: File Transfer Protocol Up: Threats Associated With Previous: Threats Associated With

Telnet

 

The TELNET protocol allows a user to log into a system over the network and use that system as though the user was sitting at a terminal that was directly connected. The client and server programs which use the TELNET protocol are telnet and telnetd, respectively. The telnet command provides a user interface to a remote system. If telnet is invoked with the name of a remote host as an argument, a prompt is displayed and a user can log in as if they had called the system with a modem. Logging into a system using telnet can pose a security risk because a username and password are sent over the network in plain text one character per packet. Since these characters are not encrypted, it is possible for an electronic eavesdropper to capture a username and password for a system for which a telnet connection is being established.

In addition to the danger of network snooping, using the TELNET protocol presents the same sort of security risks as dial-in modems. ``Practical UNIX Security'' [GS91] lists the following reasons why using the TELNET protocol with a wide area network poses more risks than those posed by modems.



next up previous contents
Next: File Transfer Protocol Up: Threats Associated With Previous: Threats Associated With



John Barkley
Fri Oct 7 16:17:21 EDT 1994