Solved

Need a secure TELNET connection to work. Secure Telnet? VPN?

Posted on 2014-07-28
Last Modified: 2014-09-20
We are running PICK (D3 flavor) on Red Hat Linux. I want a secure way remote users can connect and keep our server secure.

I have done some preliminary work and utilized a second public IP and set up a Router with a 192.168.2.* network.
Our main network is 192.168.1.*

We use a terminal emulator software to access PICK called TinyTerm ITX and in an effort to try to make a secure connection,
on the main 1.1 Router I made a Port Forwarding connection from External 992 to Internal 23 port. Everything worked fine.

1) Is that Secure?
2) Is it possible to be more secure by utilizing an SSL VPN router and/or VPN software using the 2.* network?
3) Is it possible to set up a server or computer on the 2.* network to then connect only to the 1.* network PICK server and nothing else? We currently have a Mac mini server that isn't being used. Also a new HP computer. Should we use the Mac mini server or some flavor of Linux for this?  Also, how do I set up that "man in the middle" server or PC to only communicate with the PICK server and nothing else on the network? Some kind of static route or ?

Need your advice and help.

Sincerely,
Happytech
Question by:TheHappyTech
19 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1000 total points
ID: 40223752
Most people use SSH for a secure terminal connection.  SSH is not SSL.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40223763
I recommend you implement SSH instead of Telnet as SSH is secure.  You could implement VPN, SSL VPN, etc. but in my opinion, SSH suffices and eliminates the need for VPN, etc.  For an SSH client, I recommend using PuTTY or Tera Term if there is no budget to purchase software.  Else I recommend SecureCRT as it is widely used and very user friendly.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40224748
SSH can also forward X11 and database connections over the same encrypted channel. That should greatly ease firewall setup.

Which terminal mode do you use on TinyTerm ITX? I'd suggest trying the absolutely free PuTTY instead if the terminal type used overlaps.
0

Author Comment

by:TheHappyTech
ID: 40224751
Ok, here is one issue with SSH.

When someone connects through SSH from the outside, they will come to our RH linux login. (We do that for our
Linux person). But if someone connects through telnet, they get the login for PICK.

1) Is that something maybe encoded into Linux?

2) Can I port forward from an outside port (2222 for example) to internal port 22 and still be secure?

Thank you kindly Dave and Mohammed
0
 
LVL 62

Expert Comment

by:gheist
ID: 40224903
In Linux you can select the initial shell for each user. Either PICK, or bash, or nologin.
0
 

Author Comment

by:TheHappyTech
ID: 40225043
Here is the interesting thing (I say this as a Windows person with little PICK or Linux experience),
the PICK login is set to "nologin."
0
 
LVL 62

Expert Comment

by:gheist
ID: 40225076
There is one user that owns DB files. Or apache files or whatever. That should not log in.
0
 

Author Comment

by:TheHappyTech
ID: 40225274
We have only the administrator, the outside Linux consultant and PICK users on the Linux server.
All the rest of the users are PICK/D3 users so I guess the PICK software is handling that.

How can I make PICK users, who will access remotely, use SSH?
Because right now if someone connects with SSH (port 22) they get a Linux prompt,
but if they connect with Telnet (port 23) they automatically get to a Pick login/password screen.

Is there somewhere in Linux and/or in the PICK software I can make PICK users use SSH and still get to
a PICK login? (I hope I am wording that correctly).

HappyTech
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1000 total points
ID: 40225347
netstat -nap | grep LISTEN

What is listening on port 23 and what on 22?
Should be xinetd and sshd in normal Linux.
0
 

Author Comment

by:TheHappyTech
ID: 40225743
I ran the command and couldn't find xinetd or sshd unfortunately.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40226024
Can you help by telling what program is serving your telnet port and what program is serving your ssh port?
0
 

Author Comment

by:TheHappyTech
ID: 40233169
Excellent question Gheist. I know we are using Red Hat Linux and PICK (D3 flavor).

Is there a way I can find myself which program serves telnet and ssh?

Ben
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40233199
In a 'plain' system, 'telnetd' would serve telnet connections and 'sshd' would serve SSH connections.  You would normally find these in your 'services' list.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40233611
netstat -nap | grep ':2[23] '
0
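One way to answer "which program serves telnet and ssh" from the `netstat -nap` output suggested in this thread, as an added example that is not part of any participant's post. The function name `port_owners` is hypothetical and the sample netstat output is constructed; without root, netstat prints `-` in the program column, which the function reports explicitly.

```shell
#!/bin/sh
# Constructed sample of `netstat -nap` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      1423/sshd
tcp        0      0 0.0.0.0:23         0.0.0.0:*           LISTEN      1511/xinetd
tcp        0      0 127.0.0.1:25       0.0.0.0:*           LISTEN      1602/master
tcp        0     52 192.168.1.10:22    192.168.1.50:50112  ESTABLISHED 2291/sshd: admin
tcp        0      0 :::22              :::*                LISTEN      1423/sshd
udp        0      0 0.0.0.0:123        0.0.0.0:*                       1388/ntpd
EOF
}

# port_owners PORT... : read netstat -nap output on stdin and print
# "port bind-address program" for every TCP listener on the given ports.
port_owners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)        # text after the last colon
            if (!(port in want)) next
            addr = $4; sub(/:[0-9]+$/, "", addr)    # 0.0.0.0 or :: means all interfaces
            prog = $7
            if (prog == "" || prog == "-") prog = "unknown-run-as-root"
            else sub(/^[0-9]+\//, "", prog)         # strip the "PID/" prefix
            print port, addr, prog
        }'
}

# On a live server: netstat -nap | port_owners 22 23
sample_netstat | port_owners 22 23
```

A listener on port 23 bound to `0.0.0.0` is the cleartext telnet service that the router's port forward exposes; the program named beside it is the one whose configuration decides what login the user sees.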
 

Author Comment

by:TheHappyTech
ID: 40311515
I've requested that this question be deleted for the following reason:

too complicated...
0
 
LVL 62

Expert Comment

by:gheist
ID: 40311516
It does not mean nobody helped you.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40314186
Split between:
Common sense - use SSH http:#a40223752
Assess network services - http:#a40225347
(by the point where the asker gave up, it should have yielded a good recipe on how to secure telnet and PICK connections)
0
