Full Disclosure mailing list archives
Re: Re: Re: open telnet port
From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 09 Sep 2004 14:15:06 +0100
On Thu, 2004-09-09 at 14:28, ktabic wrote:
> How about, as a service to enable as you are updating SSH remotely from the other side of the country to fix the most recent security problem and need a backup system to get into the server in the event that something goes wrong?
>
> ktabic

In that case I'd do one of the following:

1. Run a separate instance of ssh on another port and keep an active connection.
2. Run any other encrypted access method.
3. Call my data centre to help me out, since that's what I pay them for.

Telnet should not be used as a last resort, it should only be used as the _only_ resort, by that I mean embedded devices not capable of anything other than telnet. Although anyone with security in mind wouldn't purchase a device of this type.

This is the second post recommending telnet as a backup access method. So you guys are telling us.....

"People are sniffing your passwords, use SSL!!!! but if you want plain text just use it, they don't sniff your passwords when you are doing emergency repairs"

_slightly_ paraphrased obviously. Do you guys honestly believe the things you say?

Set your systems up properly with a backup login method if you need it, but don't run it until you are doing something that might make it necessary and ENCRYPT it.

Laziness on the part of the admin is a major contributing factor to most security incidents. Using telnet has only been justified by the fact that you are too lazy to set up a proper alternate access method.

On my server if I break the firewall rules or in some other way prevent myself getting remote access (including halting the machine), I have an alternate login method which I can access over ssh giving me access to the machine's local terminals, provided by my data centre. That's because the people employed in the data centre are not lazy admins and know what they are doing.

--
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
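
The first option in the reply above (a separate sshd on another port, started only while the risky change is made) sketched as an added example that is not part of the original post. Port 2222, the `/run/sshd-backup` directory and the host key path are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): temporary key-only sshd on an alternate
# port for the duration of a remote SSH upgrade. The port, directory and host
# key path are assumptions; adjust to the host.
BACKUP_PORT="${BACKUP_PORT:-2222}"
BACKUP_DIR="${BACKUP_DIR:-/run/sshd-backup}"

# Write a minimal config: alternate port, public keys only, its own pid file.
write_backup_config() {
    port="$1"; dir="$2"
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    # Unprivileged range only, so it can never collide with 22 or 23.
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/sshd_config" <<EOF
Port $port
PidFile $dir/sshd.pid
HostKey /etc/ssh/ssh_host_ed25519_key
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password
EOF
}

# Validate the config first (sshd -t), then start the second daemon.
start_backup_sshd() {
    sshd_bin="$(command -v sshd)" || { echo "sshd not found" >&2; return 1; }
    write_backup_config "$BACKUP_PORT" "$BACKUP_DIR" || return 1
    "$sshd_bin" -t -f "$BACKUP_DIR/sshd_config" || return 1
    "$sshd_bin" -f "$BACKUP_DIR/sshd_config"
}

# Stop the backup listener once the primary sshd is confirmed working again.
stop_backup_sshd() {
    if [ -f "$BACKUP_DIR/sshd.pid" ]; then
        kill "$(cat "$BACKUP_DIR/sshd.pid")" 2>/dev/null || true
    fi
    rm -f "$BACKUP_DIR/sshd.pid" "$BACKUP_DIR/sshd_config"
    rmdir "$BACKUP_DIR" 2>/dev/null || true
}

# Usage (as root): start_backup_sshd; log in on the backup port and keep that
# session open; upgrade and restart the main sshd; test a fresh login on port
# 22; then stop_backup_sshd.
```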