Solved

Need a secure TELNET connection to work. Secure Telnet? VPN?

Posted on 2014-07-28
Last Modified: 2014-09-20
We are running PICK (D3 flavor) on Red Hat Linux. I want a secure way remote users can connect and keep our server secure.

I have done some preliminary work and utilized a second public IP and set up a Router with a 192.168.2.* network.
Our main network is 192.168.1.*

We use terminal emulator software called TinyTerm ITX to access PICK, and in an effort to try a secure connection,
on the main 1.1 router I made a port forwarding connection from external port 992 to internal port 23. Everything worked fine.

1) Is that Secure?
2) Is it possible to be more secure by utilizing an SSL VPN router and/or VPN software using the 2.* network?
3) Is it possible to set up a server or computer on the 2.* network to then connect only to the 1.* network PICK server and nothing else? We currently have a Mac mini server that isn't being used. Also a new HP computer. Should we use the Mac mini server or some flavor of Linux for this?  Also, how do I set up that "man in the middle" server or PC to only communicate with the PICK server and nothing else on the network? Some kind of static route or ?

Need your advice and help.

Sincerely,
Happytech
0
Question by:TheHappyTech
19 Comments
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
Most people use SSH for a secure terminal connection.  SSH is not SSL.
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
I recommend you implement SSH instead of Telnet as SSH is secure.  You could implement VPN, SSL VPN, etc. but in my opinion, SSH suffices and eliminates the need for VPN, etc.  For an SSH client, I recommend using PuTTY or Tera Term if there is no budget to purchase software.  Else I recommend SecureCRT as it is widely used and very user friendly.
0
 
LVL 61

Expert Comment

by:gheist
SSH can also forward X11 and database connections over the same encrypted channel. That should greatly ease firewall setup.

Which terminal mode do you use on TinyTerm ITX? I'd suggest trying the absolutely free PuTTY instead if the terminal type used overlaps.
0
 

Author Comment

by:TheHappyTech
Ok, here is one issue with SSH.

When someone connects through SSH from the outside, they will come to our RH linux login. (We do that for our
Linux person). But if someone connects through telnet, they get the login for PICK.

1) Is that something maybe encoded into Linux?

2) Can I port forward from an outside port (2222 for example) to internal port 22 and still be secure?

Thank you kindly Dave and Mohammed
0
 
LVL 61

Expert Comment

by:gheist
In Linux you can select the initial shell for each user. Either PICK, or bash, or nologin.
0
 

Author Comment

by:TheHappyTech
Here is the interesting thing (I say this as a Windows person with little PICK or Linux experience),
the PICK login is set to "nologin."
0
 
LVL 61

Expert Comment

by:gheist
There is one user that owns DB files. Or apache files or whatever. That should not log in.
0
 

Author Comment

by:TheHappyTech
We have only the administrator, the outside Linux consultant and PICK users on the Linux server.
All the rest of the users are PICK/D3 users so I guess the PICK software is handling that.

How can I make PICK users, who will access remotely, use SSH?
Because right now if someone connects with SSH (port 22) they get a Linux prompt,
but if they connect with Telnet (port 23) they automatically get to a Pick login/password screen.

Is there somewhere in Linux and/or in the PICK software I can make PICK users use SSH and still get to
a PICK login? (I hope I am wording that correctly).

HappyTech
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 250 total points
netstat -nap | grep LISTEN

What is listening on port 23 and what on 22?
It should be xinetd and sshd on a normal Linux system.
0
 

Author Comment

by:TheHappyTech
I ran the command and couldn't find xinetd or sshd unfortunately.
0
 
LVL 61

Expert Comment

by:gheist
Can you help by telling what program is serving your telnet port and what program is serving your ssh port?
0
 

Author Comment

by:TheHappyTech
Excellent question Gheist. I know we are using Red Hat Linux and PICK (D3 flavor).

Is there a way I can find myself which program serves telnet and ssh?

Ben
0
 
LVL 82

Expert Comment

by:Dave Baldwin
In a 'plain' system, 'telnetd' would serve telnet connections and 'sshd' would serve SSH connections.  You would normally find these in your 'services' list.
0
 
LVL 61

Expert Comment

by:gheist
netstat -nap | grep ':2[23] '
0
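
One way to answer "which program serves telnet and ssh" from the `netstat -nap` output discussed above, as an added example that is not part of the original thread. The helper names `who_listens` and `sample_netstat` are hypothetical and the sample output is constructed; note that `netstat -p` prints `-` instead of a program name when it is not run as root.

```shell
#!/bin/sh
# who_listens: read `netstat -nap` output on stdin and print "PORT PROGRAM"
# for each listening TCP socket on the requested ports.
# (Hypothetical helper name, not from the thread.)
who_listens() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # keep only the port number
            if (!(port in want)) next
            prog = $7
            if (prog == "-" || prog == "") {
                prog = "unknown(run-as-root)"    # owner hidden from non-root users
            } else {
                sub(/^[0-9]+\//, "", prog)       # drop the leading PID
            }
            key = port " " prog
            if (!(key in seen)) { seen[key] = 1; print key }  # merge tcp and tcp6 rows
        }'
}

# Constructed sample of `netstat -nap` output (not taken from the asker's server).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1203/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      987/xinetd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1410/master
tcp        0      0 192.168.1.10:22         192.168.1.50:51234      ESTABLISHED 2210/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1203/sshd
EOF
}

# Real use, as root:  netstat -nap | who_listens "22 23"
sample_netstat | who_listens "22 23"
```

Any program reported on port 23 is the one handing out the PICK login over unencrypted telnet, so it is the service to reach through SSH instead of forwarding it from the router.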
 

Author Comment

by:TheHappyTech
I've requested that this question be deleted for the following reason:

too complicated...
0
 
LVL 61

Expert Comment

by:gheist
It does not mean nobody helped you.
0
 
LVL 61

Expert Comment

by:gheist
Split between:
Common sense - use SSH http:#a40223752
Assess network services - http:#a40225347
(by the point where the asker gave up, it should have yielded a good recipe on how to secure telnet and PICK connections)
0
