Linux.com

why run a telnetd?

Posted by: Anonymous Coward on March 18, 2004 11:22 AM
|Two possible server access methods that can be used
|in emergencies are TCP-wrappered telnet (so people
|can telnet to a server, but only from a specific
|other server within the same location, with the
|plain text password not leaving the computer room)
|and remote console access, again within a secure
|computer room.

Having console access to your Linux boxes is a good idea, esp. if you have a modem and a DID for you to connect in and access all of your boxes' consoles. However, I do not see how using a telnetd for access is desirable, since if a cracker was able to exploit one of the machines, all data on the system would be fair game for a concealed logging process. Furthermore, they might not even have to exploit one of the two machines in order to sniff the telnet traffic if they can poison the ARP table of a switch.

If it's a large amount of servers I would buy some serial-to-Ethernet boxes and have a separate network for console access with one bastion host that can access them all.

Also, you didn't mention to never use Linux kernel modules. Sometimes bad people load bad things!

drgalaxy

Return to Tackling Unix security in large organisations, part 1