Why is telnet bad

Telnet provides users with a bidirectional, interactive, text-oriented communication system that utilizes a virtual terminal over an 8-byte connection. User data is interspersed in-band with Telnet control information over the Transmission Control Protocol (TCP). Often, Telnet was used on a terminal to execute functions remotely.

To connect to the server using the Telnet protocol, the user enters a command at the command prompt using this syntax: telnet hostname port. The user then executes commands on the server by typing specific Telnet commands into the Telnet prompt. Telnet sessions between the client and the server are not encrypted without a workaround. But if Telnet is long outdated and vulnerable to a security attack, why use it in the first place?

The fun answer is, even geeks get nostalgic for the good old days. Enthusiasts of all stripes often share a penchant for outdated technology. Think of current-day audiophiles who prefer listening to vinyl over streaming services. And though Telnet communications are sent in plain text, insecure and unencrypted, Kerberos can provide an encryption workaround while SSH can provide a Telnet alternative.

Named after the guard dog of Hades (think Fluffy, the three-headed dog in Harry Potter), Kerberos is an authentication protocol that requires both the user and the server to prove their identities.

Since Telnet is an insecure interface, you can essentially layer Kerberos over Telnet communications to verify your identity while avoiding login information exposure. Kerberos is derived from symmetric key algorithms that use the same key for encryption as decryption, so it is capable of symmetric and asymmetric cryptography.

Authentication in Kerberos is complex, but you can find a summary of it here. A few years ago, researchers found that Kerberos didn't always encrypt the entirety of a sent ticket. Since then, this particular vulnerability has been patched, but it is still vulnerable when used with several versions of Windows Server, Vista, and Windows 7, 8, and 8. This network attack requires very little expertise and can be performed with network debugging tools that are readily available.

Packet sniffing attacks like the above were the underlying reason for developing SSH, and they were the most common security problem on the Internet already in the mids. Today mass monitoring and mass collection of credentials from the Internet by intelligence agencies, criminals, and hackers is routine.

The figure below presents a sample mock attack on an unprotected network protocol such as Telnet. Without encryption the data communications can be read by anyone that has access to the network packet stream. In the figure above the black terminal window is used to run a common network traffic analysis tool tcpdump while the maroon window is used to run a Telnet session to a weather information service.

A closer look at the tcpdump window reveals that the contents of the Telnet session are easily readable from the traffic dump — as would be usernames, passwords, and other details if such had been transmitted. Needlessly opened ports represent one of the most significant security problems in today's IoT ecosystem. Telnet is an unsecure communication protocol commonly used to connect to devices through an opened port and one of the most considerable headaches for device owners and security professionals alike.
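To make the point about readable traffic concrete, here is an added example (not part of the original article) that separates the in-band Telnet control sequences defined in RFC 854 from the user data in one direction of a session. The function name, the sample bytes, and the login name and password in them are constructed for illustration.

```python
# Telnet command codes from RFC 854
IAC, SE, SB = 255, 240, 250
NEGOTIATE = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def split_telnet_stream(raw: bytes):
    """Return (user_data, controls) for one direction of a Telnet TCP stream."""
    data, controls, i = bytearray(), [], 0
    while i < len(raw):
        if raw[i] != IAC:                 # ordinary user data byte
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):
            break                         # capture ends mid-command
        cmd = raw[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped literal 0xFF
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATE or cmd == SB:
            if i + 2 >= len(raw):
                break                     # option byte missing
            option = raw[i + 2]
            if cmd in NEGOTIATE:
                controls.append(f"{NEGOTIATE[cmd]} {option}")
                i += 3
                continue
            j = i + 3                     # subnegotiation runs until IAC SE
            while j + 1 < len(raw) and not (raw[j] == IAC and raw[j + 1] == SE):
                j += 2 if raw[j] == IAC else 1
            if j + 1 >= len(raw):
                break                     # unterminated subnegotiation
            controls.append(f"SB {option} ({j - i - 3} bytes)")
            i = j + 2
        else:                             # two-byte command such as NOP or GA
            controls.append(f"CMD {cmd}")
            i += 2
    return bytes(data), controls

# Constructed client-to-server bytes; the login name and password are made up.
SAMPLE = (bytes([IAC, 251, 24])                       # WILL TERMINAL-TYPE
          + bytes([IAC, SB, 24, 0]) + b"xterm" + bytes([IAC, SE])
          + b"alice\r\n"
          + bytes([IAC, 253, 3])                      # DO SUPPRESS-GO-AHEAD
          + b"hunter2\r\n")

if __name__ == "__main__":
    data, controls = split_telnet_stream(SAMPLE)
    print("control:", controls)
    print("data   :", data)   # credentials appear exactly as typed
```

Once the option negotiation is stripped out, the remaining bytes are the keystrokes themselves, which is why an SSH session captured the same way yields nothing comparable.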

The Telnet protocol has been around for a long time, and by long, we mean decades. It had a straightforward purpose: to allow users to connect to their devices through a command-line interface. It served its purpose, but its unsecure nature meant that it had to be replaced. Or at least that was the initial intention. And this is where the problems begin. In their constant race to offer consumers new devices and fill various market niches, manufacturers take shortcuts.

One of the primary shortcuts is to curtail the implementation of appropriate security policies that eventually lead to attackers compromising the hardware. Some router manufacturers still use Telnet and leave it open, in addition to committing other security blunders, like hardcoded credentials, for example.


