Just recently I decided to pursue formal certification on Cisco equipment. Modern Cisco routers and switches support SSH but it has to be set up. Telnet is the default.
What really surprises me though is that the Cisco training community uses Telnet heavily. The instructors in online courses Telnet around even after they show how to set up SSH. The craziest thing I have seen is companies that rent "rack-time", which is network access to real Cisco gear, using Telnet as the access method. Not only are they promoting Telnet as a standard practice to up-and-coming Network Engineers, they are trusting their business to it.
Given that I have always insisted on SSH even when logging into my home server or internal-only web servers, I was pretty surprised to find Telnet used so pervasively.
Posted Dec 24, 2011 14:34 UTC (Sat) by proski (subscriber, #104)
Perhaps OpenWRT should ban telnetd and use ssh from the beginning, even without a password, so that nobody is exposed to using telnet, even temporarily.
Merry Christmas from FreeBSD
Posted Dec 26, 2011 0:32 UTC (Mon) by oblio (guest, #33465)
At least where I studied for the CCNA exams, they did use telnet.
*But* every time it was through a VPN connection. So telnet didn't really matter much, except for intranet password sniffing, maybe (IMO a much smaller risk).
Now that I think of it, there was a report about most company thefts being perpetrated by employees, so it would be a good idea to use SSH through VPN too :)
Posted Dec 26, 2011 16:44 UTC (Mon) by jmalcolm (guest, #8876)
Yes, I have seen telnet used on a VPN but this is not a problem as you say. I have also seen it used on the open Internet as well. Crazy town.
In a training environment though, I am surprised they do not stress the use of SSH purely as an educational point.
Then again, the only Cisco training I have been exposed to used 'cisco' as the password on all devices. So, clearly convenience was trumping any demonstration of security best practices in general.
Posted Dec 26, 2011 16:45 UTC (Mon) by drag (subscriber, #31333)
If you want to try to prevent employee fraud, your best bet is to monitor and log their activities on the company-provided workstation.