Monday, January 3, 2022

Does telnet client represent a security?

I always advice to disable telnet unless telnet use is absolutely necessary. Telnet sends authentication details (username and password) in clear text, allowing packet sniffers to read credentials. Further this can be used as a callout mechanism by malware.

Disabling the Telnet service will prevent logging into the server using valid account credentials.

Having a telnet client isn't a critical/high risk threat in itself, if you're using it within your local network. The less tools are left to the user, the less mistakes he can do with them.

The main usage of telnet client (Without enabling the server service) is to test network exchanges at low level. However this will be of no use for the general user and will only be required by the relevant administrators who wants to troubleshoot connectivity.

Simply the last assumption behind disabling the telnet client is that a user who really needs it will certainly be able to enable it.


0 comments: