Solved

Need a secure TELNET connection to work. Secure Telnet? VPN?

Posted on 2014-07-28
Last Modified: 2014-09-20
We are running PICK (D3 flavor) on Red Hat Linux. I want a secure way for remote users to connect while keeping our server secure.

I have done some preliminary work and utilized a second public IP and set up a Router with a 192.168.2.* network.
Our main network is 192.168.1.*

We use a terminal emulator software to access PICK called TinyTerm ITX, and in an effort to try to get a secure connection,
on the main 1.1 Router I made a Port Forwarding connection from External 992 to Internal 23 port. Everything worked fine.

1) Is that Secure?
2) Is it possible to be more secure by utilizing an SSL VPN router and/or VPN software using the 2.* network?
3) Is it possible to set up a server or computer on the 2.* network to then connect only to the 1.* network PICK server and nothing else? We currently have a Mac mini server that isn't being used. Also a new HP computer. Should we use the Mac mini server or some flavor of Linux for this? Also, how do I set up that "man in the middle" server or PC to only communicate with the PICK server and nothing else on the network? Some kind of static route or ?

Need your advice and help.

Sincerely,
Happytech
Question by: TheHappyTech
19 Comments

Accepted Solution by Dave Baldwin (LVL 83, earned 250 total points)
ID: 40223752
Most people use SSH for a secure terminal connection.  SSH is not SSL.

Expert Comment by Mohammed Khawaja (LVL 25)
ID: 40223763
I recommend you implement SSH instead of Telnet, as SSH is secure. You could implement VPN, SSL VPN, etc., but in my opinion SSH suffices and eliminates the need for VPN, etc. For an SSH client, I recommend using PuTTY or TeraTerm if there is no budget to purchase software. Otherwise I recommend SecureCRT, as it is widely used and very user friendly.

Expert Comment by gheist (LVL 62)
ID: 40224748
SSH can also forward X11 and database connections over the same encrypted channel. That should greatly ease firewall setup.

Which terminal mode do you use on TinyTerm ITX? I'd suggest trying the absolutely free PuTTY instead, if the terminal type you use overlaps.
Author Comment by TheHappyTech
ID: 40224751
Ok, here is one issue with SSH.

When someone connects through SSH from the outside, they will come to our RH linux login. (We do that for our
Linux person). But if someone connects through telnet, they get the login for PICK.

1) Is that something maybe encoded into Linux?

2) Can I port forward from an outside port (2222 for example) to internal port 22 and still be secure?

Thank you kindly Dave and Mohammed

Expert Comment by gheist (LVL 62)
ID: 40224903
In Linux you can select the initial shell for each user: either PICK, or bash, or nologin.

Author Comment by TheHappyTech
ID: 40225043
Here is the interesting thing (I say this as a Windows person with little PICK or Linux experience),
the PICK login is set to "nologin."

Expert Comment by gheist (LVL 62)
ID: 40225076
There is one user that owns DB files. Or apache files or whatever. That should not log in.

Author Comment by TheHappyTech
ID: 40225274
We have only the administrator, the outside Linux consultant and PICK users on the linux server.
All the rest of the users are PICK/D3 users so I guess the PICK software is handling that.

How can I make PICK users, who will access remotely use SSH?
Because right now if someone connects with SSH (port 22) they get a Linux prompt,
but if they connect with Telnet (port 23) they automatically get to a Pick login/password screen.

Is there somewhere in Linux and/or in the PICK software I can make PICK users use SSH and still get to
a PICK login? (I hope I am wording that correctly).

HappyTech

Assisted Solution by gheist (LVL 62, earned 250 total points)
ID: 40225347
netstat -nap | grep LISTEN

What is listening on port 23 and what on 22?
It should be xinetd and sshd on a normal Linux system.
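Putting gheist's two checks together (which program owns ports 22 and 23, and which login shell each account gets), as an added example that was not posted in the thread. It assumes nothing about the asker's server: the netstat and passwd lines are constructed samples, and the PICK entry program path is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Parses `netstat -nap` style output to
# show which program owns ports 22 and 23, and /etc/passwd style lines to show
# each account's login shell (PICK entry program, bash, or nologin).

# Constructed sample of `netstat -nap | grep LISTEN` output.
NETSTAT_SAMPLE='tcp  0  0 0.0.0.0:22    0.0.0.0:*  LISTEN  1234/sshd
tcp  0  0 0.0.0.0:23    0.0.0.0:*  LISTEN  1301/xinetd
tcp  0  0 127.0.0.1:25  0.0.0.0:*  LISTEN  1410/master'

# Constructed /etc/passwd lines. The PICK entry program path is a placeholder;
# the account that owns the data files cannot log in at all.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
d3files:x:501:501:D3 file owner:/usr/d3:/sbin/nologin
pickuser:x:502:502:PICK user:/home/pickuser:/PLACEHOLDER/pick-login'

# serving PORT: read netstat -nap output on stdin, print the program name
# listening on PORT, or "none". Live use: netstat -nap | serving 23
serving() {
  awk -v want="$1" '
    $6 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != want) next
      split($7, p, "/"); print (p[2] == "" ? "unknown" : p[2]); found = 1; exit
    }
    END { if (!found) print "none" }'
}

# login_shell USER: read passwd lines on stdin, print that user's shell or "none".
# Live use: login_shell pickuser < /etc/passwd
login_shell() {
  awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { if (!found) print "none" }'
}

# Summarise what a defender wants to know: is a cleartext telnet listener
# exposed, and where does each account land after authentication?
report() {
  echo "port 22 served by: $(printf '%s\n' "$NETSTAT_SAMPLE" | serving 22)"
  t=$(printf '%s\n' "$NETSTAT_SAMPLE" | serving 23)
  echo "port 23 served by: $t"
  if [ "$t" != "none" ]; then
    echo "WARNING: telnet listener present; logins cross the network in cleartext"
  fi
  for u in root d3files pickuser; do
    echo "$u logs in to: $(printf '%s\n' "$PASSWD_SAMPLE" | login_shell "$u")"
  done
}

report
```

On a live box, feed the real output in instead of the samples: `netstat -nap | serving 23` (or `ss -ltnp` on newer systems, which uses a different column layout) and `login_shell USER < /etc/passwd`.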

Author Comment by TheHappyTech
ID: 40225743
I ran the command and couldn't find xinetd or sshd, unfortunately.

Expert Comment by gheist (LVL 62)
ID: 40226024
Can you help by telling what program is serving your telnet port and what program is serving your ssh port?

Author Comment by TheHappyTech
ID: 40233169
Excellent question Gheist. I know we are using Red Hat Linux and PICK (D3 flavor).

Is there a way I can find myself which program serves telnet and ssh?

Ben

Expert Comment by Dave Baldwin (LVL 83)
ID: 40233199
In a 'plain' system, 'telnetd' would serve telnet connections and 'sshd' would serve SSH connections. You would normally find these in your 'services' list.

Expert Comment by gheist (LVL 62)
ID: 40233611
netstat -nap | grep 2[12]

Author Comment by TheHappyTech
ID: 40311515
I've requested that this question be deleted for the following reason:

too complicated...

Expert Comment by gheist (LVL 62)
ID: 40311516
It does not mean nobody helped you.

Expert Comment by gheist (LVL 62)
ID: 40314186
Split between:
Common sense - use SSH http:#a40223752
Assess network services - http:#a40225347
(By where the asker gave up, it should have yielded a good recipe on how to secure telnet and PICK connections.)