Solved

Need a secure TELNET connection to work. Secure Telnet? VPN?

Posted on 2014-07-28
Medium Priority
376 Views
Last Modified: 2014-09-20
We are running PICK (D3 flavor) on Red Hat Linux. I want a secure way remote users can connect and keep our server secure.

I have done some preliminary work and utilized a second public IP and set up a Router with a 192.168.2.* network.
Our main network is 192.168.1.*

We use terminal emulator software called TinyTerm ITX to access PICK, and in an effort to try a secure connection,
on the main 1.1 Router I made a Port Forwarding connection from External 992 to Internal 23 port. Everything worked fine.

1) Is that Secure?
2) Is it possible to be more secure by utilizing an SSL VPN router and/or VPN software using the 2.* network?
3) Is it possible to set up a server or computer on the 2.* network to then connect only to the 1.* network PICK server and nothing else? We currently have a Mac mini server that isn't being used. Also a new HP computer. Should we use the Mac mini server or some flavor of Linux for this?  Also, how do I set up that "man in the middle" server or PC to only communicate with the PICK server and nothing else on the network? Some kind of static route or ?

Need your advice and help.

Sincerely,
Happytech
Question by:TheHappyTech
17 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1000 total points
ID: 40223752
Most people use SSH for a secure terminal connection.  SSH is not SSL.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40223763
I recommend you implement SSH instead of Telnet as SSH is secure.  You could implement VPN, SSL VPN, etc. but in my opinion, SSH suffices and eliminates the need for VPN, etc.  For an SSH client, I recommend using PuTTY or Tera Term if there is no budget to purchase software.  Else I recommend SecureCRT as it is widely used and very user friendly.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40224748
SSH can also forward X11 and database connections over the same encrypted channel. That should greatly ease firewall setup.

Which terminal mode do you use on TinyTerm ITX? I'd suggest trying the absolutely free PuTTY instead if the terminal type used overlaps.
0

Author Comment

by:TheHappyTech
ID: 40224751
Ok, here is one issue with SSH.

When someone connects through SSH from the outside, they will come to our RH linux login. (We do that for our
Linux person). But if someone connects through telnet, they get the login for PICK.

1) Is that something maybe encoded into Linux?

2) Can I port forward from an outside port (2222 for example) to internal port 22 and still be secure?

Thank you kindly Dave and Mohammed
0
 
LVL 62

Expert Comment

by:gheist
ID: 40224903
In Linux you can select the initial shell for each user. Either PICK, or bash, or nologin.
0
 

Author Comment

by:TheHappyTech
ID: 40225043
Here is the interesting thing (I say this as a Windows person with little PICK or Linux experience),
the PICK login is set to "nologin."
0
 
LVL 62

Expert Comment

by:gheist
ID: 40225076
There is one user that owns DB files. Or apache files or whatever. That should not log in.
0
 

Author Comment

by:TheHappyTech
ID: 40225274
We have only the administrator, the outside Linux consultant and PICK users on the Linux server.
All the rest of the users are PICK/D3 users so I guess the PICK software is handling that.

How can I make PICK users, who will access remotely, use SSH?
Because right now if someone connects with SSH (port 22) they get a Linux prompt,
but if they connect with Telnet (port 23) they automatically get to a Pick login/password screen.

Is there somewhere in Linux and/or in the PICK software I can make PICK users use SSH and still get to
a PICK login? (I hope I am wording that correctly).

HappyTech
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1000 total points
ID: 40225347
netstat -nap | grep LISTEN

What is listening on port 23 and what on 22?
It should be xinetd and sshd in normal Linux.
0
 

Author Comment

by:TheHappyTech
ID: 40225743
I ran the command and couldn't find xinetd or sshd unfortunately.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40226024
Can you help by telling what program is serving your telnet port and what program is serving your ssh port?
0
 

Author Comment

by:TheHappyTech
ID: 40233169
Excellent question Gheist. I know we are using Red Hat Linux and PICK (D3 flavor).

Is there a way I can find myself which program serves telnet and ssh?

Ben
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40233199
In a 'plain' system, 'telnetd' would serve telnet connections and 'sshd' would serve SSH connections.  You would normally find these in your 'services' list.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40233611
netstat -nap | grep ':2[23] '
0
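The listener check asked for in the answers above, as an added example that is not part of the thread: it reads `netstat -nap` output and reports which program owns the SSH (22) and telnet (23) listeners, and whether port 23 is bound to a non-loopback address. The sample output is constructed, and the `pick_telnetd` and `otherd` process names are hypothetical.

```shell
#!/bin/sh
# Added example: report which program owns the telnet (23) and SSH (22)
# listeners, from `netstat -nap` style output read on stdin.

# Constructed sample output (not from the asker's server). The owner of
# port 23 is shown as a hypothetical "pick_telnetd" process.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State       PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      1201/sshd
tcp        0      0 0.0.0.0:23      0.0.0.0:*       LISTEN      1544/pick_telnetd
tcp        0      0 127.0.0.1:25    0.0.0.0:*       LISTEN      1310/master
tcp        0      0 0.0.0.0:2222    0.0.0.0:*       LISTEN      1777/otherd
tcp        0      0 192.168.1.10:22 192.168.1.50:51514 ESTABLISHED 2210/sshd
tcp6       0      0 :::22           :::*            LISTEN      1201/sshd'

# listener_owners: print "port program bind-address" for each LISTEN
# socket whose local port is exactly 22 or 23 (2222 must not match).
listener_owners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]        # port follows the last ":"
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port != "22" && port != "23") next
        # PID/Program is "-" when netstat was not run as root
        split($7, p, "/"); prog = (p[2] == "" ? "unknown" : p[2])
        print port, prog, addr
    }' | LC_ALL=C sort -u
}

# telnet_exposed: exit 0 when something listens on port 23 on a
# non-loopback address, i.e. cleartext logins are reachable off-host.
telnet_exposed() {
    listener_owners | awk '$1 == "23" && $3 != "127.0.0.1" && $3 != "::1" { found = 1 }
        END { exit found ? 0 : 1 }'
}

printf '%s\n' "$SAMPLE_NETSTAT" | listener_owners
if printf '%s\n' "$SAMPLE_NETSTAT" | telnet_exposed; then
    echo "port 23 is reachable off-host: telnet logins cross the network in cleartext"
fi
```

On the server itself, run `netstat -nap | listener_owners` as root so the PID/Program column is filled in; without root it shows `-` and the function reports `unknown`.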
 

Author Comment

by:TheHappyTech
ID: 40311515
I've requested that this question be deleted for the following reason:

too complicated...
0
 
LVL 62

Expert Comment

by:gheist
ID: 40311516
It does not mean nobody helped you.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40314186
Split between:
Common sense - use SSH http:#a40223752
Assess network services - http:#a40225347
(by the point where the asker gave up, it should have yielded a good recipe on how to secure telnet and PICK connections)
0
