written by: Regina Woodard•edited by: M.S. Smith•updated: 7/14/2011
Telnet protocols and services have been around since the very beginnings of computers and the Internet, providing the basis for how we connect to the web today. But there is a dark side to using it - the potential of being a victim due to a hack using telnet protocols.
slide 1 of 4
The Good Ole Days
Many computer users aren't aware of the ends and outs of what is happening during their online sessions. For IT pros and those with a vested interest in the technical world, learning these basics helps them obtain a better understanding of how computers work and for some, how to get around or prevent open doors.
Students of technology recieve their first taste when they learn the protocols that are involved with the OSI model, which is a standard in how communications work on your computer. A part of the model is Telnet, a common protocal used to gain access to systems through a command line interface. Even in modern computers, there is still a layer of telnet that is used for remote access.
Unfortunately, this ability to take control of a system remotely can be a security risk in the wrong hands.
slide 2 of 4
Anatomy of Telnet
The telnet protocol has been around since 1969 and was one of the first Internet standards to be developed and used. Essentially, telnet is used to gain access to a remote computer; those who started in the field of information technology or who first started to use the Internet may remember that many bulletin board systems (BBS) and newsgroup were reached through the use of telnet connections for users.
Users would log in to the system via a command line interface and then read their messages or any news. This was pretty much the standard in the 1990s and was used in many businesses, government facilities, and universities. Now of course we have web interfaces that make it easy for us to log in and check our emails, the news, RSS feeds, etc.
Because telnetting means gaining access to one computer via another, the potential danger of having your computer taken over by a hacker is very real. Using the telnet protocol to gain entry into remote computers is one of the first things that hackers learn. All that is needed for access is that of a computer or server's IP address and the connection port; vulnerabilities in port access give hackers a way in to a system, which then allows them to do anything from sending email to probing the services offered or running on that particular system.
slide 3 of 4
While telnet may still be used in some systems, the good news is that modern operating systems don't run telnet servers (unless the user installs one). In most cases, you (or anyone else) can't remote into a home computer or business computer through telnet. With that said, malicious threats such as viruses, malware, and spyware could be capable of installing programs that could allow hackers access, like botnets.
Protecting yourself against hackers using telnet is a part of the common sense that computer users should have when it comes to protecting their information.
Install and maintain your firewall. Most operating systems (like Windows) come with firewalls already built in to protect ports to your system. There are also various antivirus protection suites that will include firewalls for the extra protection. Usually, these are already set up to allow certain ports to be open (such as email) and for certain ports to be opened. Wireless routers and modems also have firewalls that can be configured; some video games or programs, for example, may need to have ports opened in order for them to work. Carefully go over which ports are needed before assignment.
Keep your antivirus program up to date. This should be a no brainer, but many computer users forget or don't update their antivirus programs until it's too late. Many free and paid programs have automatic updates and are set by default - any time there is an available update, it will download and install. You should always have the current version of your security software running on your computer.
Keep OS updated. Like your antivirus program, your operating system should always be kept up to date. Again, this is usually done automatically and can be configured early in the morning (3am is the default) or late at night so that you can continue working.
Always use encryption if possible when using programs. FTP servers, for instance, can be configured for security purposes so that a username and password need to be entered before connection, as well as having SSH encryption (preferred over telnet) to ensure that data transmitted is protected.
slide 4 of 4
Telnet is Not a Magic Hacking Tool from Critical Security, http://www.criticalsecurity.net/index.php/topic/16140-telnet-is-not-a-magical-hacking-tool/
Telnet - The Number One Hacking Tool from Happy Hacker, http://www.happyhacker.org/gtmhh/begin11.shtml