Subject: Re: how to enable telnet logins for users?
To: Henry B. Hotz <hotz@jpl.nasa.gov>
From: None <mgraffam@idsi.net>
List: port-mac68k
Date: 09/21/2000 14:13:16
On Thu, 21 Sep 2000, Henry B. Hotz wrote:


> When you enable telnet I hope you are thinking a little bit about the 
> security implications.  Not much of an issue if you only have a local 
> LAN, but if you have internet connectivity then you should worry 
> about how you authenticate.  Cleartext passwords are a bad idea these 
> days.

Cleartext passwords were always a bad idea. 

If you're just accessing telnet from a local LAN, then firewall the
telnet port against outside connections. If you need access from the
outside, then look into SSH, first of all.

If you cannot install software on the machines you need to connect from
(SSH clients are out), then use OPIE on the server.

OPIE prevents passive eavesdropping attacks (sniffing), by using a
different token each time. But, you can pre-compute the responses to
the various challenges ahead of time, and print them out. Print out
10 or 20 of them and keep them next to your Visa card in your wallet.

Alternatively, if you have a Palm Pilot, or an HP (TI too?) calculator, you
can get OPIE token generators for those machines. 

-- 
Michael Graffam (mgraffam@idsi.net)
The importance of a suburban struggle has usually been underestimated;
it is really very great. - Che Guevara (Guerilla Warfare, "Suburban Warfare")
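
An added example (not part of the original message): a minimal Python sketch of the hash-chain one-time password scheme behind OPIE, following the RFC 2289 MD5 construction, showing why a sniffed response is useless for replay and how a list of upcoming responses can be computed ahead of time for printing. The passphrase, seed, `Server` class and helper names are constructed for illustration; real OPIE also encodes each response as six short words, which is omitted here.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5 folded to 64 bits by XORing the two 8-byte halves (RFC 2289)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Response to the challenge 'otp-md5 <count> <seed>'."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = fold_md5(value)
    return value

class Server:
    """Hypothetical server side: stores the last accepted OTP, never the passphrase."""
    def __init__(self, seed: str, count: int, last_otp: bytes):
        self.seed, self.count, self.last = seed, count, last_otp

    def challenge(self):
        # Ask for the value one step earlier in the chain than the stored one.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        # A valid response hashes forward to the stored value. An eavesdropper
        # who saw earlier responses would have to invert the hash to answer.
        if self.count < 1 or not hmac.compare_digest(fold_md5(response), self.last):
            return False
        self.last, self.count = response, self.count - 1
        return True

def precompute(passphrase: str, seed: str, next_count: int, n: int):
    """The printed list from the message: responses for the next n challenges."""
    return [(c, otp(passphrase, seed, c).hex())
            for c in range(next_count, max(next_count - n, -1), -1)]

if __name__ == "__main__":
    secret, seed = "constructed passphrase", "ke1234"   # constructed sample values
    srv = Server(seed, 100, otp(secret, seed, 100))
    cnt, sd = srv.challenge()
    resp = otp(secret, sd, cnt)
    print("first login accepted:", srv.verify(resp))
    print("replayed response accepted:", srv.verify(resp))
    for c, h in precompute(secret, seed, srv.challenge()[0], 5):
        print(c, h)
```
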