Every so often it's necessary to access a decades-old server that uses an outdated protocol like Teletype Network, commonly known as Telnet. The problem is, Telnet doesn't use encryption, which could put you at security risk. Here's what you need to know.
Telnet is a protocol developed in 1969 that provides a command-line interface for communication with a remote device or server. Sometimes Telnet is used for remote management or the initial setup of network hardware. It can also be used to test or troubleshoot remote web or mail servers, as well as for accessing remote MUDs (multi-user dungeon games) and trusted internal networks.
But since the development of Telnet came before the mainstream adoption of the Internet, it doesn't employ encryption. So it's outdated security-wise. Although there are protocols that have effectively replaced Telnet, in rare instances, it's still necessary to access legacy equipment unsupported by more up-to-date protocols. Luckily, there are options for securing Telnet sessions—but first, a quick overview of how this protocol operates and where you might encounter it.
How Does Telnet Work?
Telnet provides users with a bidirectional interactive text-oriented communication system that utilizes a virtual terminal over an 8-byte connection. User data is interspersed in-band with Telnet control information over the transmission control protocol (TCP). Often, Telnet was used on a terminal to execute functions remotely.
To connect to the server using the Telnet protocol, the user enters a command prompt by following this syntax: telnet hostname port. The user then executes commands on the server by using specific Telnet commands into the Telnet prompt.
Telnet Security Issues
Telnet sessions between the client and the server are not encrypted without a workaround. So those with access to the TCP/IP packet flow between hosts can observe all of the traffic, listen in, and record potentially sensitive information like logins and passwords of users connecting to the Telnet server.
Why Use the Telnet Protocol Today?
Telnet has mostly been overlapped by Secure Shell (SSH) protocol, at least on the public internet. But if Telnet is long outdated and vulnerable to a security attack, why use it in the first place?
The fun answer is, even geeks get nostalgic for the good old days. Enthusiasts of all stripes often share a penchant for outdated technology. (Think of current day audiophiles who prefer vinyl listening to vinyl over streaming services.) For example, you can watch Star Wars Episode IV in full-text in Telnet, check the weather forecast, talk to Eliza, the AI Psychotherapist, and more.
But in non-trivial instances, you may need to access an old UNIX server or CISCO router requiring a Telnet connection. And though Telnet communications are sent in plain-text, insecure and unencrypted, Kerberos can provide an encryption workaround while SSH can provide a Telnet alternative.
How to Encrypt the Telnet Protocol
Named after the guard dog of Hades (think Fluffy, the three-headed dog in Harry Potter), Kerberos is an authentication protocol that requires both the user and the server to prove their identities. Since Telnet is an insecure interface, you can essentially layer Kerberos over Telnet communications to verify your identity while avoiding login information exposure.
Kerberos is derived from symmetric key algorithms that use the same key for encryption as decryption, so it is capable of symmetric and asymmetric cryptography.
Authentication in Kerberos is complex, but you can find a summary of it here.
A few years ago, researchers found that Kerberos didn't always encrypt the entirety of a sent ticket. Since then, this particular vulnerability has been patched, but it is still vulnerable when used with several versions of Windows Server, Vista, and Windows 7, 8, and 8.1.
SSH (Secure Shell) as an Alternative to Telnet
For those using Unix and Linux operating systems, OpenSSH is free with the OS and it can be used as a secure alternative to Telnet. Some say SSH provides more security than Telnet, but only as it refers to the original Telnet usage—like simulating a local terminal on a remote machine.
According to a SANS forum entry, conventional wisdom says that SSH is more secure than Telnet. It's encrypted and protects from someone sniffing out credentials, or logging onto the wrong machine. But if SSH is running on a default port accepting connections from any system and IP, relying on a username/password pair, you may be as unsafe as when you run Telnet. The key to running SSH is to run it on a non-standard port.
While it's not likely that you will come across equipment requiring the Telnet protocol, it's best to know what you're working with so you can ensure your Telnet sessions are secure.