2.3.4 Ensure telnet client is not installed

Information

The telnet package contains the telnet client, which allows users to start connections to
other systems via the telnet protocol.

Rationale:

The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission
medium could allow an unauthorized user to steal credentials. The ssh package provides
an encrypted session and stronger security and is included in most Linux distributions.

Solution

Uninstall telnet using the appropriate package manager or manual installation:

# yum remove telnet

# apt-get remove telnet

# zypper remove telnet

Impact:

Many insecure service clients are used as troubleshooting tools and in testing
environments. Uninstalling them can inhibit capability to test and troubleshoot. If they are
required it is advisable to remove the clients after use to prevent accidental or intentional
misuse.

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CSCv6|3.4, CSCv7|4.5

Plugin: Unix

Control ID: 49ac151b8b018ecbb4cc381091e0d2352754b99425e0337eeb2ef29eb07ff104