![](https://seccdn.libravatar.org/avatar/1894468da62db9a147076f1058c55019.jpg?s=120&d=mm&r=g)
Hi *, first read Answers from Markus, and you oftn don`t need to answer. ;-)))) But a little thing: 8.0 is discontinued ;-( http://www.suse.de/de/private/download/updates/index.html ftp://ftp.suse.com/pub/suse/discontinued/i386/ So you doesn`t work. Better don`t use this anymore. Btw. what about fou4s ;-)) Dirk Markus Gaugusch schrieb:
On Oct 20, Don Parris
wrote: I've just read an article about using ssh/telnet. The article suggested setting a Linux box in front of a mainframe, thus allowing users to telnet to the mainframe _after_ securely connecting to the Linux box via ssh.
That's the way one should go (IMHO).
The Linux Security Admin Guide also suggests not installing (or deleting) services you know you won't be using to prevent attackers from using them to access your system. So, other than using a Linux box as a front door for a mainframe telnet session, is there any valid reason to even install telnet, rlogin, etc.?
If you mean the telnet server: Clearly NO. The telnet client is still valueable, though. You can use it for many purposes (read your POP3 mail, HTTP requests, send mail via SMTP, ...), not only telnet (port 23).
Based on the SAG, I could eliminate telnet, etc., as I cannot think of any reason to use those services in my LAN (which has no mainframe). SUSE installs these services by default (at least as of 8.0), so I'm thinking about removing them, unless someone can offer good reasons to retain them. My LAN consists of 6 SUSE 8.0 boxes and currently has no connection to the outside world (though that may come at a later date). I want to be sure I thoroughly understand security issues and that I am implementing the best practices for my LAN _before_ I think about connecting it to the outside world. Thanks in advance for your input.
SuSE 8.0 will become unsupported in a few weeks/months, so you should not use 8.0 in an insecure environment. I also don't think that a telnet server is enabled by default on 8.0, but I may be wrong. Otherwise, your thoughts are correct and you seem to make everything right.
Markus
TRIA IT-consulting GmbH Joseph-Wild-Stra?e 20 81829 Munchen Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de -------------------------------------------------------- working hard | for your success -------------------------------------------------------- Registergericht Munchen HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschaftsfuhrer: Richard Hofbauer Rosa Igl -------------------------------------------------------- Nachricht von: dirk.schreiner@tria.de Nachricht an: markus@gaugusch.at, suse-security@suse.com # Dateianhange: 0 Die Mitteilung dieser E-Mail ist vertraulich und nur fur den oben genannten Empfanger bestimmt. Wenn Sie nicht der vorgesehene Empfanger dieser E-Mail oder mit der Aushandigung an ihn betraut sind, weisen wir darauf hin, da? jede Form der Kenntnisnahme, Veroffentlichung, Vervielfaltigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten. Vielen Dank The information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately. Thank you