Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
While Telnet is an older and vulnerable protocol, it is often enabled by default. Data is sent over the Telnet protocol as plaintext, which increases the risk of exposing passwords to attackers. If an attacker gains access to a poorly-secured Telnet server, they can easily connect to the device and laterally move across the network.
The system might change the risk score for this detection.
Kill Chain
Risk Score
56
After an attacker compromises a device on a network, they might start searching for databases, file servers, and other critical assets to compromise. Remote access protocols, such as Telnet, can enable an attacker to laterally move across a network, from one compromised device to the next. First, the attacker sends a connection request over Telnet to one or more devices. If one of these devices has Telnet enabled, the attacker might be able to log in with stolen credentials. Each authenticated Telnet session enables the attacker to remotely access information, helping them get closer to achieving their ultimate attack campaign objective.
Disable Telnet unless required
Implement strict access controls to devices that have Telnet enabled
Configure a firewall to block untrusted IP addresses from accessing devices that have Telnet enabled
