Can you explain why Telnet is easy to compromise and what an enterprise can use as a more secure replacement for Telnet?
Ask the expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
There is simply no excuse for using the Telnet protocol on a modern network. Any organization that relies on Telnet should immediately take steps to switch to a more secure protocol for connecting to remote systems.
The Telnet protocol is older than most system administrators! It was developed in 1969 as a rudimentary tool to allow users to make text-based connections between computers. This was revolutionary at the time, providing one of the first facilities for communicating across the fledgling Internet.
To understand Telnet security risks, it is necessary to understand the context in which the protocol was developed. The Internet of 1969 was an incredibly different place. There was a grand total of four sites on the Internet, and they belonged to research universities working in conjunction with the U.S. military. The users of the Internet literally knew one another personally and were working on the same projects. There was simply no security threat.
In this idyllic world of the early Internet, the designers of the Telnet protocol focused exclusively on functionality. They did not add any security features beyond a simple username and password authentication scheme and, as it turns out, developed an inherently insecure protocol. The fundamental flaw with Telnet is that it does not use any encryption. Anyone eavesdropping on a network segment can view all Telnet traffic (including the usernames and passwords) in the clear as it transits the network.
As the Internet grew, this limitation quickly became apparent. In 1995, developers released the first version of a new tool called the secure shell (SSH) that provides Telnet-like functionality over a secure encrypted tunnel. Sixteen years later, there is simply no excuse to be relying upon the half-century old Telnet protocol. It’s time to switch to this Telnet alternative!
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.