Security Basics mailing list archives

Re: Telnet Security Question for a Router.


From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 12 Dec 2002 11:14:54 -0800

From: "Tony Toni" <tony572000 () hotmail com>
We were currently written up by our external auditors because we use telnet to access all of our routers. In some cases we use a filtered Telnet service...but that is not the normal practice. We are a fairly good size company with about 1000+ routers.

I am charged with coordinating a response to the auditors. I know all of the security issues involved with Telnet...i.e., login id and password sent across the network in clear text, etc. My question: Is it possible to use SSH or CISCO TACACS+ to encrypt the entire Telnet session? Is there a way to ensure no one can sniff the login id and password? The Network Services Group is adamant that neither SSH nor CISCO TACACS+ will work on a router to correct the security issue.

Well, you could use SSL or VPN to create a secure tunnel for the Telnet session, but SSH would be a much better choice; it's designed for that sort of thing. SSH works on most quality routers. What brand(s) do you have?

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Live dangerously, overclock your servers."

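For a fleet of the size described in the question, an inventory of which routers still accept Telnet on their vty lines is a useful first step. The following is an added example, not part of the original thread; it assumes Cisco IOS-style `line vty` / `transport input` configuration syntax, and the hostnames and config fragments are constructed sample data.

```python
import re

# Constructed sample: IOS-style running-config fragments (assumption, not from the thread).
SAMPLE_CONFIGS = {
    "rtr-a": """\
hostname rtr-a
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 transport input ssh
""",
    "rtr-b": """\
hostname rtr-b
line vty 0 4
 login
line vty 5 15
 transport input none
""",
}

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")

def verdict(transports):
    if transports is None:
        return "unspecified"  # no explicit setting: platform default applies, check per release
    return "telnet-allowed" if transports & {"telnet", "all"} else "ok"

def audit_vty(config):
    """Return [(vty_range, verdict)] for each 'line vty' block of an IOS-style config."""
    blocks = []       # each entry: [vty_range, set of allowed transports or None]
    in_vty = False
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # a top-level line starts a new block
            m = VTY_RE.match(line)
            in_vty = bool(m)
            if m:
                blocks.append([f"{m.group(1)}-{m.group(2) or m.group(1)}", None])
        elif in_vty and line.split()[:2] == ["transport", "input"]:
            blocks[-1][1] = set(line.split()[2:])
    return [(rng, verdict(t)) for rng, t in blocks]

def audit_fleet(configs):
    """Map hostname -> vty findings that still need attention."""
    return {h: [f for f in audit_vty(c) if f[1] != "ok"] for h, c in configs.items()}
```

Lines reported as `unspecified` carry no explicit `transport input` statement, so whether Telnet is accepted depends on the platform default and needs to be checked per software release.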

