Securing the VOS Telnet Daemon

More documents

Recommendations

Info

Using SSH tunnels � To set up the RSN server to connect to the system using SSH tunnels instead of telnet • Change the telnetservice file so that the rsn_incoming service specifies the local_ip address of 127.0.0.1 rsn_incoming window_term "keepalive nodelay " "RSN Incoming Service" + 0 1 rsn_in.m17 "-local_ip 127.0.0.1“ tcp 0 0 127.0.0.1:85 *:* LISTEN • Specify an ssh_uid in the update_rsnip_site command � Since the SSH client is being run automagically by the RSN server it cannot prompt for a password and so you must also set up SSH public key authentication for the specified user on both the RSN Server and the module • Public Key setup is left as an exercise for the reader or a possible future talk 16
Using SSH tunnels � Scanners will not detect anything listening on port 85 but they will detect port 22 � When using tunnels you do not have to worry about illicit connections made via forwarding � HOWEVER, my comment still stands, unless you have a very good reason to allow forwarding it should be turned off. 17
Page 1 and 2: Securing the VOS Telnet Daemon Noah
Page 3 and 4: Background - why is the Telnet daem
Page 5 and 6: Restricting connections with TCP Wr
Page 11 and 12: Selective listening with -local_ip
Page 13 and 14: Using SSH tunnels � When using an
Page 15: Using SSH tunnels C Telnetd Port 23
Page 19 and 20: Using IPSec � ipsec.conf file •
Page 21 and 22: Using IPSec spd[2] spd index = 2 sa
Page 23 and 24: What not to do � Do not remove (o
Page 25 and 26: Questions? a = b a^2 = a*b a^2-b^2

Securing the VOS Telnet Daemon

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?