Security Basics mailing list archives

Re: Telnet Security Question for a Router.


From: "Eric Schroeder" <ericschroeder () satel com>
Date: Wed, 11 Dec 2002 13:51:33 -0700

You can run SSH on some Cisco routers, depending on the software you are 
running.  TACACS+ will not cause the telnet session to be encrypted.  We 
use terminal servers that support SSH that are plugged into the console 
port of the router for some secure customers.

Eric





"Tony Toni" <tony572000 () hotmail com>
12/10/2002 07:45 PM

 
        To:     SECURITY-BASICS () SECURITYFOCUS COM
        cc: 
        Subject:        Telnet Security Question for a Router.



We were currently written up by our external auditors because we use telnet
to access all of our routers.  In some cases we use a filtered Telnet
service...but that is not the normal practice.  We are a fairly good size
company with about 1000+ routers.

I am charged with coordinating a response to the auditors.   I know all of
the security issues involved with Telnet...i.e. login id and password sent
across the network in clear text, etc.   My question:   Is it possible to
use SSH or CISCO TACACS+ to encrypt the entire Telnet session?  Is there a
way to ensure no one can sniff the login id and password?   The Network
Services Group is adamant that neither SSH nor CISCO TACACS+ will work on a
router to correct the security issue.

Tony CIA,CISA,CDP,MBA
Security and Audit Services
Nations Banking & Trust

PS: I have been playing phone tag with the auditor that wrote us up...to
see what they recommend...have not reached him yet.
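
For a fleet of the size mentioned in the question, a useful first step in answering the audit finding is an inventory of which routers still accept Telnet on their vty lines. The script below is an added example, not part of either message: it parses saved IOS-style configuration text and reports vty blocks whose `transport input` permits Telnet. The hostnames and configs are constructed, and reporting a missing `transport input` line as "unspecified" is an assumption, since the default depends on the software version.

```python
import re

# Constructed sample configs (hypothetical hostnames, not from the thread).
SAMPLE_CONFIGS = {
    "rtr-a": """hostname rtr-a
line vty 0 4
 transport input telnet
line vty 5 15
 transport input telnet ssh
""",
    "rtr-b": """hostname rtr-b
line vty 0 4
 transport input ssh
line vty 5 15
 transport input none
""",
    "rtr-c": "hostname rtr-c\nline vty 0 4\n login\n",
}

def vty_findings(config):
    """Return [(vty_range, verdict)] for each 'line vty' block in a config."""
    findings, current, protos = [], None, None
    def close():
        if current is None:
            return
        if protos is None:
            verdict = "unspecified"  # assumption: default varies, check by hand
        elif protos & {"telnet", "all"}:
            verdict = "telnet-allowed"
        else:
            verdict = "ok"
        findings.append((current, verdict))
    for line in config.splitlines():
        if not line.startswith(" "):  # a new top-level section ends the block
            close()
            m = re.match(r"line vty (\d+(?: \d+)?)", line)
            current, protos = (m.group(1) if m else None), None
        elif current is not None:
            m = re.match(r"\s+transport input (.+)", line)
            if m:
                protos = set(m.group(1).split())
    close()
    return findings

def audit(configs):
    # Keep only hosts that have at least one vty block not locked down.
    report = {h: [f for f in vty_findings(c) if f[1] != "ok"] for h, c in configs.items()}
    return {h: f for h, f in report.items() if f}
```

A block that lists both `telnet` and `ssh` is still reported, because the cleartext path remains open until Telnet is removed from the line.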




