Telnet has been eclipsed by two feature-laden Secure Shell protocols. But which one is best?

InformationWeek Staff, Contributor

November 19, 2007

Some of the protections that SSHv2 offers over SSHv1 and Telnet are:

  • Eavesdropping: SSHv2 protects against eavesdropping by encrypting all data, making it unreadable to potential eavesdroppers.

  • Domain Name System (DNS) and IP spoofing: SSHv2 wards off such attacks by cryptographically verifying the identity of the server. For every session, the SSH client validates the server's host key against a local list of known host keys that are associated with server names and addresses. If the keys do not match, an immediate warning is issued.

  • Session hijacking: SSHv2 is unable to prevent hijackings because of an inherent flaw in the TCP layer. SSHv2 can, however, render the hijacking ineffective through its integrity-checking process. If a session is modified during transmission, SSHv2 will shut down the connection immediately without using the bogus data. SSHv2 uses the cryptographically strong hash functions MD5 and SHA-1 for integrity checking. This can also prevent replay or insertion attacks.

  • Protection against man-in-the-middle, or replay attacks: The man-in-the-middle attack is one of the biggest threats on an Ethernet network today.
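The integrity-checking behaviour described in the session-hijacking bullet can be made concrete. The following is an added illustration, not code from the article or from any SSH implementation: it models the SSHv2 per-packet MAC (RFC 4253 section 6.4), where the tag covers the 32-bit packet sequence number followed by the packet, so a packet that is altered, replayed at a later position or inserted fails the check and the connection is closed rather than the data being used. HMAC-SHA1 is used to match the "hmac-sha1" algorithm the article's era relied on (current deployments prefer the SHA-2 MACs); encryption is left out so the check itself is visible, and the key and payloads are constructed sample values.

```python
"""Per-packet integrity check modelled on SSHv2 (RFC 4253 section 6.4).

Added illustration; not code from the article or from any SSH implementation.
MAC = HMAC-SHA1(key, uint32(sequence_number) || packet).  Encryption is omitted
so the check is visible.  Key and payloads are constructed sample values.
"""
import hashlib
import hmac
import struct

SEQ_MASK = 0xFFFFFFFF  # the packet sequence number wraps at 2^32


class IntegrityError(Exception):
    """Raised when a packet's MAC does not verify; the connection is then closed."""


def compute_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """Tag binds the packet to one position in the stream via the sequence number."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha1).digest()


class Sender:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def send(self, packet: bytes) -> tuple:
        """Return (packet, tag) and advance the sequence number."""
        tag = compute_mac(self.key, self.seq, packet)
        self.seq = (self.seq + 1) & SEQ_MASK
        return packet, tag


class Receiver:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0
        self.closed = False

    def receive(self, packet: bytes, tag: bytes) -> bytes:
        """Accept the packet only if its tag verifies for the expected sequence number.

        A modified, replayed (stale seq) or inserted packet fails here, and the
        connection is torn down instead of the bogus data being used.
        """
        if self.closed:
            raise IntegrityError("connection already closed")
        expected = compute_mac(self.key, self.seq, packet)
        if not hmac.compare_digest(expected, tag):
            self.closed = True
            raise IntegrityError("MAC mismatch at seq %d; closing connection" % self.seq)
        self.seq = (self.seq + 1) & SEQ_MASK
        return packet


def run_scenarios(key: bytes = b"constructed-session-mac-key") -> dict:
    """Exercise a clean exchange, a packet altered in transit and a replayed packet."""
    results = {}

    # 1. Untouched traffic verifies and both sides' sequence numbers stay in step.
    sender, receiver = Sender(key), Receiver(key)
    first = sender.send(b"show running-config")
    second = sender.send(b"exit")
    results["clean"] = (receiver.receive(*first) == first[0]
                        and receiver.receive(*second) == second[0])

    # 2. The tag was computed over the original bytes, so altered bytes fail
    #    and the receiver stops accepting anything further.
    sender, receiver = Sender(key), Receiver(key)
    _original, tag = sender.send(b"show running-config")
    try:
        receiver.receive(b"altered-in-transit", tag)
        results["tampered"] = "accepted"
    except IntegrityError:
        results["tampered"] = "rejected"
    results["closed_after_tamper"] = receiver.closed

    # 3. Re-sending a genuine packet fails because the receiver now expects seq 1.
    sender, receiver = Sender(key), Receiver(key)
    packet, tag = sender.send(b"show running-config")
    receiver.receive(packet, tag)  # original delivery, checked against seq 0
    try:
        receiver.receive(packet, tag)  # same bytes again, checked against seq 1
        results["replayed"] = "accepted"
    except IntegrityError:
        results["replayed"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The sequence number never travels on the wire; both ends count packets independently, which is why a replayed packet cannot carry a valid tag for its new position even though its bytes are genuine.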

There are two ways SSHv2 can protect against man-in-the-middle attacks:

  1. Server-host authentication: Because the attacker does not have the server's private host key, the attacker would have to break into the server host to pull off the impersonation. For this protection to be totally effective, the client must check the server-supplied public host key against its list of known hosts.

  2. Stronger authentication for the client: Passwords are vulnerable, but public keys and certificates are essentially immune to these types of attacks.
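The host-key check that both the DNS/IP-spoofing bullet and item 1 depend on can be shown as a small program. The following is an added illustration, not code from the article or from any SSH client: it parses a known_hosts-style list in the OpenSSH layout (plain hostnames, hashed `|1|salt|hash` hostnames, and the `@revoked` marker), then classifies a server's presented key as OK, MISMATCH (the "immediate warning" case), REVOKED or UNKNOWN. All entries and key blobs are constructed sample values.

```python
"""Verify a server's presented host key against a known_hosts-style list.

Added illustration; not code from the article or from any SSH client.  The
file layout follows OpenSSH known_hosts (plain or hashed hostnames, optional
@revoked marker); the sample entries and key blobs below are constructed.
"""
import base64
import hashlib
import hmac


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed hostname field: |1|b64(salt)|b64(HMAC-SHA1(salt, hostname))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one comma-separated hostname pattern, plain or hashed."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, _ = pattern.split("|", 3)
        recomputed = hash_hostname(hostname, base64.b64decode(salt_b64))
        return hmac.compare_digest(recomputed, pattern)
    return pattern.lower() == hostname.lower()


def parse_known_hosts(text: str) -> list:
    """Yield (marker, [hostnames], keytype, key) tuples; skip comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue  # malformed line: no hostnames/keytype/key
        hosts, keytype, key = fields[0], fields[1], fields[2]
        entries.append((marker, hosts.split(","), keytype, key))
    return entries


def check_host_key(known_hosts: str, hostname: str, keytype: str, key: str) -> str:
    """Return "OK", "REVOKED", "MISMATCH" or "UNKNOWN" for the presented key.

    MISMATCH is the article's warning case: the host is known with this key
    type but the key differs, so the client must refuse rather than proceed.
    """
    same_type_seen = False
    for marker, hosts, k_type, k_key in parse_known_hosts(known_hosts):
        if not any(hostname_matches(p, hostname) for p in hosts):
            continue
        key_equal = k_type == keytype and hmac.compare_digest(k_key, key)
        if marker == "@revoked":
            if key_equal:
                return "REVOKED"
            continue
        if k_type == keytype:
            same_type_seen = True
        if key_equal:
            return "OK"
    return "MISMATCH" if same_type_seen else "UNKNOWN"


# Constructed sample key blobs (base64 of placeholder bytes, not real keys).
KEY_A = base64.b64encode(b"constructed host key blob for switch01").decode()
KEY_B = base64.b64encode(b"constructed host key blob for switch02").decode()
KEY_OLD = base64.b64encode(b"constructed retired key blob").decode()

# Constructed sample list: a plain entry with name and address, a hashed
# entry, and a revoked former key for switch01.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real known_hosts file",
    "switch01.example.net,192.0.2.10 ssh-ed25519 " + KEY_A,
    hash_hostname("switch02.example.net", b"\x00" * 20) + " ssh-ed25519 " + KEY_B,
    "@revoked switch01.example.net ssh-ed25519 " + KEY_OLD,
])

if __name__ == "__main__":
    for host, key in [("switch01.example.net", KEY_A), ("switch01.example.net", KEY_B),
                      ("switch02.example.net", KEY_B), ("switch01.example.net", KEY_OLD),
                      ("switch03.example.net", KEY_A)]:
        print(host, check_host_key(SAMPLE_KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The distinction between MISMATCH and UNKNOWN matters operationally: an unknown host is a first contact that an operator can confirm out of band, whereas a mismatch for a host already on the list is exactly the impersonation case the article describes and should stop the session.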

In this contest the choice is clear: SSHv2 and SFTP are certainly a best practice for managing switches. Just make sure that you turn off Telnet and TFTP on your switches and do not configure SSHv2 to fall back to SSHv1.

Jimmy Ray Purser is a networking and networking security expert at Cisco Systems.
