Secure alternatives to telnet and FTP
The argument for favoring convenience over security is no longer acceptable
in today's computing environment. Although there will be an initial learning
curve when using secure shell and secure FTP instead of telnet and FTP,
the transition is relatively painless and is a significant step toward improving
network security.
Telnet (including rlogin, rsh, and rcp)
When you use telnet to remotely access a system, all commands, including
username and password authentication information, are sent in clear-text
across the network. Secure shell (ssh) is a secure replacement for telnet. With ssh,
all session information, including authentication information, travels over
the network in an encrypted tunnel.
An excellent free ssh client for Windows is PuTTY. On
UNIX platforms, OpenSSH is an open source
ssh client and server implementation.
You should use ssh to replace telnet, remote login (rlogin), and remote
shell (rsh).
Secure copy (scp), part of the ssh protocol suite, may be used to replace
remote copy (rcp). PSCP
is a free Windows scp client. scp is included in the OpenSSH suite on UNIX
platforms.
FTP
Similar to telnet, File Transfer Protocol (FTP) sends all authentication
and data in clear-text across the network. Not only can eavesdroppers obtain
your username and password with FTP, they can actually reconstruct the FTP
data stream into the transferred files with a tool like Wireshark.
Secure FTP (sftp), part of the ssh protocol suite, may be used to securely
transfer files. With sftp, all session information, including authentication
information, travels over the network in an encrypted tunnel.
PSFTP
is a free Windows command-line sftp client. WinSCP is a free Windows graphical user
interface sftp client.
On UNIX platforms, OpenSSH (and commercial ssh implementations) includes
a command-line sftp client. gFTP is a graphical
user interface sftp and ftp client for UNIX platforms.
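Before switching users over to ssh, scp and sftp, it helps to confirm which of the clear-text services named in the Telnet and FTP sections above are still enabled on a host. The script below is an added example, not part of the original page. It assumes the daemons are started from an inetd.conf-style file under the standard service names telnet, ftp, login (rlogin) and shell (rsh/rcp), and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): list the clear-text services
# this page names that are still enabled in an inetd.conf-style file.
# Assumption: the host starts these daemons from inetd under the standard
# service names telnet, ftp, login (rlogin) and shell (rsh/rcp).

# Constructed sample input, not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
  login stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
daytime stream  tcp  nowait  root  internal
EOF
}

# Read inetd.conf text on stdin; print one finding per enabled legacy service.
# Commented-out entries (already disabled) and unrelated services are ignored.
audit_inetd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank line or comment
        $1 == "telnet" { print "telnet: clear-text session, replace with ssh" }
        $1 == "login"  { print "rlogin: clear-text session, replace with ssh" }
        $1 == "shell"  { print "rsh/rcp: clear-text commands and copies, replace with ssh/scp" }
        $1 == "ftp"    { print "ftp: clear-text credentials and data, replace with sftp" }
    '
}

# Number of findings on stdin; 0 means none of the four services is enabled.
count_findings() {
    audit_inetd | wc -l | tr -d ' '
}

# Demo run on the constructed sample; on a real host feed the actual file:
#   audit_inetd < /etc/inetd.conf
sample_inetd_conf | audit_inetd
```

A service that is commented out in the file only stops being served after inetd rereads its configuration.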
Last modified: 01/16/2003