TELNET is an unsecure protocol that enables remote terminal connections by establishing virtual terminal sessions. It uses cleartext for authentication, allowing passwords to be easily sniffed. SSH was created as a secure replacement for TELNET and other insecure protocols, providing encryption, integrity checks, and authentication to prevent sniffing of passwords and data on untrusted networks.
2. 1. TELNET (Terminal Network)
• TELNET is an abbreviation for TErminaL NETwork.
• Is an application layer protocol used on the internet or local
area networks, enables the establishment of a
connection to a remote system in such a way that the
local terminal appears to be a terminal at the remote
system.
• It is the standard TCP/IP protocol for virtual terminal
service
3. Topics to be Discussed
• Understand how TELNET works
• Understand the role of NVT in a TELNET communication
• Understand TELNET option and sub-option negotiation
• Know how control characters are used
• Know the TELNET modes of operation
• Why TELNET unsecure!
4. TELNET is a general-purpose
client-server application program
8. Network Virtual Terminal (NVT)
• Is a universal interface, The TELNET client translates characters (data
or commands) that come from the local terminal into NVT form and
delivers them to the network. The TELNET server translates data and
commands from NVT form into the form acceptable by the remote
computer. Figure 1.3 concept of NVT
9. NVT uses two sets of characters, one for data and
one for control. Both are 8-bits.
Figure 1.5 format of data and control characters
12. Default Mode
• In this example, we use the default mode to show the concept
and its deficiencies even though it is almost obsolete today.
• The client and the server negotiate the terminal type and
terminal speed and then the server checks the login and
password of the user (see figure 1.6).
14. Character Mode
•We show how the client switches to the character
mode. This requires that the client request the
server to enable the SUPPRESS GO AHEAD
and ECHO options (see
Figure 1.7).
16. Line Mode
• It’s proposed to compensate for the deficiencies of
default mode and character mode
• In this line (echoing) in done by the client, then the
client sends the whole line to the server
17. Why TELNET Unsecure?!
TELNET suffers from security problems. TELNET requires a login
name and password (when exchanging text). A microcomputer
connected to a broadcast LAN can easily spy using snooper software
to capture a login name and the corresponding password (even if it is
encrypted).!!
It’s Big problem
Let’s see how to hacking ;)
22. 2. SSH
• Is a protocol for secure remote login and other secure
network services over an unsecure network.
• Secure channel between two computers
• Provides data confidentiality and integrity
• Many uses other than remote shell
23. Topics to be Discussed
• History
• SSH components
• Why using SSH?
• SSH security features
• SSH Authentication Methods
• Port forwarding
24. History
• SSH-1 designed in 1995 by Tatu Ylönen
• In response to a password-sniffing attack
• Replacement for rlogin, telnet, and rsh
• Released as freeware in July 1995
• SSH-2 designed in 1996
• Incompatible with SSH-1
• Security and feature improvements
• Open source implementations (OSSH and OpenSSH) created in 1999
• OSSH is now obsolete
• OpenSSH is the most popular SSH implementation as of 2005
25. SSH Components
•Transport Layer Protocol
•Provides server authentication, confidentiality, and
integrity
•User Authentication Protocol
•Authenticates the client-side user to the server
•Connection Protocol
•Multiplexes the tunnel into logical channels
29. Why using SSH?
•SSH can handle secure remote logins (SSH)
•SSH can handle secure file copy (SCP)
•SSH can even drive secure FTP (sFTP)
30. SSH security features
• strong algorithms
• uses well established strong algorithms for encryption, integrity, key
exchange, and public key management
• large key size
• requires encryption to be used with at least 128 bit keys
• supports larger keys too
• algorithm negotiation
• encryption, integrity, key exchange, and public key algorithms are negotiated
• it is easy to switch to some other algorithm without modifying the base
protocol