What????

..yeah, that's what I said... go install SSH in your server but let everyone else telnet.. sure...

What I said in my first post, is that if you are using telnet, you can't secure the connection into your network. That was the original point.

I then suggested to at least try SSH. OBVIOUSLY BOTH SERVER AND CLIENT. What's this, amateur hour? And again, you can "harden" anything you want, but if you do not "harden" the most important part, i.e., the connection into your network, it doesn't matter what you do, because if you are using telnet - regardless what client software uses the protocol - anything that leaves the client's computer leaves it in ASCII. Even if you connect into a server then have to jump to another, whatever leaves the client's computer ot hits the first server's NIC can be easily seen with a snoop, so a snoop will see what you are typing to jump into the other server anyway.

There's no "blind faith" in SSH. Who's saying is a "magic bullet"? It is simply more faith in an encrypted data stream rather than an ASCII data stream. Yes people can guess passwd's, but sure as hell are not going to just guess the private key that matches the public key on the server. I did add that even the encrypted transmission can be decrypted, but it'll take much, much more than your average passwd cracking software to do so. There's more to implementing SSH than just installing it and using it, you know?

No matter how much you analyze and configure and "process" a system: Absolute Truth #1 of network security: if it's on the network, it can be hacked.
First thing that you protect is the connection into the network. Without it, anything else you do is pretty much a waste of time.

You may lock all of your valuables in your house, but if you leave your front door wide open...

Yeah, I can still su-->root on any terminal, how to stop that.?

About ssh, I'm still checking with my application provider. From above discussion:So I have concluded that I should not continue with telnet anymore and if ssh is not possible then I'll obviously go for VPN but not for an open telnet method.....

I'm planning to use ssh for remote access only and continue with telnet from local computers, that should be fine?

One stupid question here: Is it possible that my KCML client which uses telnet might be using its own encryption method with the telnet tunnel and decrypt the data at KCML server end which is located at UNIX box? Why I'm asking this question here not to my software provider because I just want to confirm if this is possible and I don't want to give those guys a chance of thinking me as a stupid Pls confirm the possibility.

Thanks for all your replies.

Best Regards,
Tayyab

Telnet is a protocol. No matter which application you use to telnet, it'll still function the same way. So telnetting with KCML will basically be the same as telnetting with the telnet command.

Let me stress that no method is 100% safe. Like I said in my previous post, if it's on a network, it can be hacked. The difference is in how difficult you make it for hackers to break in. And that is the key concept. I can give you a dozen analogies about not protecting the front doors, but think about this:

Hacker tries and tries and tries and tries to break in. Depending on the skill level of the hacker, after so many tries, if he/she can't get in, he/she will eventually give up and go to the next target: A script kiddie that has but a tool he/she downloaded from the net will not get anywhere, while an elite hacker may take more time depending on what he sees.

However, whatever level the hacker is, IF HE GETS IN, then he's bound to put forth a higher effort in going further in his hacking activity.

So it is all about putting enough barriers up front to discourage further hacking events.
And that's what you as an admin can do to protect your servers.

Now, user stupidity, well, that's another battle.