AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618

[Meidinger Christopher <christopher.meidinger () badenIT de>]

Hello Hilal,

Yes, there are many tools that will do that. dsniff, ettercap, ethereal and
MANY others will read your password as it goes by on the wire. It is
slightly more difficult on a switched network, but it can still be done.

You should not use telnet at all, use ssh (www.openssh.org) instead. The
windows client PuTTY is the most common choice to connect over ssh from
windows. As far as starting an ssh server on the firewall, you should be
able to do that in the same way that you started the telnet server. 

If you need more exact help, post to the list what type of firewall you are
using, and i am certain someone will help you get started. 

(Disclaimer: based on your question, you should [IMHO] definately read up a
bit on security before configuring a firewall)

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg


-----Ursprüngliche Nachricht-----
Von: Hilal Hussein [mailto:hilalma () hotmail com]
Gesendet: Tuesday, June 24, 2003 10:08 AM
An: bugtraq () planetcobalt net; security-basics () securityfocus com
Betreff: Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618




Hello All,

i am not sure if i am asking the right question within the same subject,but 
i am configuring the firewall throught the telnet connecting / from winxp 
workstation.

Is there any possibility for any internal user to use any tools that will 
haijack my telnet password - password for the firewall too!, and what are 
the measurements for securing the telnet session.

with regards,
Hilal Hussein

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------