Mailinglist Archive: opensuse-security (138 mails)

< Previous Next >
Re: [suse-security] Re: Why Install Telnet by Default?
  • From: Randall R Schulz <rschulz@xxxxxxxxx>
  • Date: Thu, 8 Dec 2005 08:43:10 -0800
  • Message-id: <200512080843.10832.rschulz@xxxxxxxxx>
Allen,

On Thursday 08 December 2005 08:37, Allen wrote:
> Telnet is only insecure because it sends usernames and passwords in
> the clear and that's a bad idea over the internet because it can be
> snooped. However, on a LAN where you want to tinker, this is fine.

It's also not secure in that it sends _all_ the data, inbound and
outbound, unencrypted.


> It's installed by default because some routers MAKE you use it and
> it's kindof dumb not to install it. That's all. Having it installed
> isn't insecire but using it to connect to a machine over the internet
> COULD be.

As others have pointed, out, it's also a handy diagnostic tool even if
it has limited utility for its original purpose.


Lastly, if it's used only between hosts on a secure intranet, there's no
reason not to use it and it clearly places less demand on CPU since
there's no encryption and decryption computation to perform on all
traffic in and out.


> -Allen


Randal Schulz

< Previous Next >
Follow Ups