Can you explain why Telnet is easy to compromise and what an enterprise can use as a more secure replacement for Telnet?
Ask the expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
There is simply no excuse for using the Telnet protocol on a modern network. Any organization that relies on Telnet should immediately take steps to switch to a more secure protocol for connecting to remote systems.
The Telnet protocol is older than most system administrators! It was developed in 1969 as a rudimentary tool to allow users to make text-based connections between computers. This was revolutionary at the time, providing one of the first facilities for communicating across the fledgling Internet.
To understand Telnet security risks, it is necessary to understand the context in which the protocol was developed. The Internet of 1969 was an incredibly different place. There was a grand total of four sites on the Internet, and they belonged to research universities working in conjunction with the U.S. military. The users of the Internet literally knew one another personally and were working on the same projects. There was simply no security threat.
In this idyllic world of the early Internet, the designers of the Telnet protocol focused exclusively on functionality. They did not add any security features beyond a simple username and password authentication scheme and, as it turns out, developed an inherently insecure protocol. The fundamental flaw with Telnet is that it does not use any encryption. Anyone eavesdropping on a network segment can view all Telnet traffic (including the usernames and passwords) in the clear as it transits the network.
As the Internet grew, this limitation quickly became apparent. In 1995, developers released the first version of a new tool called the secure shell (SSH) that provides Telnet-like functionality over a secure encrypted tunnel. Sixteen years later, there is simply no excuse to be relying upon the half-century old Telnet protocol. It’s time to switch to this Telnet alternative!
This was first published in March 2012