6.10.6 Ensure Telnet is Not Set

Information

Cleartext Management Services should be disabled.

Rationale:

Telnet is a remote management protocol that allows users to connect to the command line of a JUNOS router or other device.

Because Telnet transmits all data (including passwords) in cleartext (unencrypted) over the network and provides no assurance of the identity of the hosts involved, it can allow an attacker to gain sensitive configuration, password and other data and is also vulnerable to session hijacking and injection attacks.

This makes Telnet and other unencrypted management applications completely unsuitable for managing network devices and Telnet should be disabled.

Impact:

Ensure administrative access via SSH or other secure method is configured and working before disabling Telnet in a production environment to ensure that administrative access is not lost.

Solution

To disable Telnet access issue the following command from the [edit system telnet] hierarchy;

[edit system services]
user@host# delete telnet

Default Value:

Telnet is disable by default on most current platforms. Telnet cannot be configured on JUNOS in FIPS Mode.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|IA-2(1), 800-53|SI-4, CSCv7|9.2, CSCv7|11.5

Plugin: Juniper

Control ID: 925bfe3b7cee2c0a96c7b3c84a6a92bef77e94ffa7972ec35e39437d965ea97b