Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618

[James Fields <jvfields () tds net>]

A user with a sniffer can easily capture your username and password from
the telnet session.  If you are on switched ethernet this is a little
more difficult but a determined user (and one who doesn't mind
potentially impacting network performance) can still sniff on a switched
network.

Your best bet is to use SSH instead of telnet.

On Tue, 2003-06-24 at 04:07, Hilal Hussein wrote:
> Hello All,
>
> i am not sure if i am asking the right question within the same subject,but 
> i am configuring the firewall throught the telnet connecting / from winxp 
> workstation.
>
> Is there any possibility for any internal user to use any tools that will 
> haijack my telnet password - password for the firewall too!, and what are 
> the measurements for securing the telnet session.
>
> with regards,
> Hilal Hussein
>  
> ------------
> James V. Fields


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------