Securing the VOS Telnet Daemon

More documents

Recommendations

Info

Selective listening with –local_ip � Tells telnetd to only listen on a specific interface for the indicated port � The following line tells telnetd to only listen on the maintenance network interface for connections to the rsn_incoming service (port 85) rsn_incoming window_term "keepalive nodelay " "RSN Incoming Service" + 0 1 rsn_in.m17 "-local_ip 10.10.1.1“ netstat –numeric –all_sockets . . . . . tcp 0 0 10.10.1.1:85 *:* LISTEN . . . . . � Scans from networks other than the maintenance network will not see anything listening on port 85 10
Selective listening with –local_ip � Of course any host on the 10.10.1.0/24 subnet can make a connection on port 85 not just the RSN server • They will not be able to do anything except make the connection because the RSN software has its own protections • You can use the hosts.allow and hosts.deny files to lock it down to just the RSN server 11
Page 1 and 2: Securing the VOS Telnet Daemon Noah
Page 3 and 4: Background - why is the Telnet daem
Page 5 and 6: Restricting connections with TCP Wr
Page 7 and 8: Restricting connections with TCP Wr
Page 9: Restricting connections with TCP Wr
Page 13 and 14: Using SSH tunnels � When using an
Page 15 and 16: Using SSH tunnels C Telnetd Port 23
Page 17 and 18: Using SSH tunnels � Scanners will
Page 19 and 20: Using IPSec � ipsec.conf file •
Page 21 and 22: Using IPSec spd[2] spd index = 2 sa
Page 23 and 24: What not to do � Do not remove (o
Page 25 and 26: Questions? a = b a^2 = a*b a^2-b^2

Securing the VOS Telnet Daemon

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?