Difference between revisions of "Talk:Linux Remote Shell Notes"
(→Virtual Terminal Teletype lines (VTY): new section) |
(→VTY Telnet Access: new section) |
||
Line 2: | Line 2: | ||
Telnet is associated with the VTY lines. Telnet uses TCP port number 23 and is one of the most commonly used protocols for remote access. | Telnet is associated with the VTY lines. Telnet uses TCP port number 23 and is one of the most commonly used protocols for remote access. | ||
+ | |||
+ | == VTY Telnet Access == | ||
+ | |||
+ | Active interfaces on a network router can be accesses by users on the network if not properly secured. Users or Hackers might try telnetting the network router through the VTY access. | ||
+ | |||
+ | To stop this from happening, the best practice is for you to use a standard IP access list to limit telnet access to every network or IP address on the router. Applying standard IP access list to the VTY lines eliminates the option of using telnet protocols and destination address since it does not matter which interface address a user or hacker is using as a target for the telnetting session. | ||
+ | |||
+ | Using standard IP access list to restrict VTY access enables you to define which IP addresses are allowed telnet access to the router EXEC process. You can control which workstation or network access your router with an ACL and an access-class statement to your VTY lines |
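Review bot: In the second added paragraph of "VTY Telnet Access", "eliminates the option of using telnet protocols and destination address" reads as if the access list disables Telnet. The rest of the sentence ("it does not matter which interface address a user or hacker is using as a target") suggests the intended point is that a standard list applied to the VTY lines needs no protocol or destination match, so say that directly. In the same paragraph, "limit telnet access to every network or IP address on the router" is ambiguous about whether the list restricts sources or destinations. Smaller points: "can be accesses" in the first paragraph should be "can be accessed", and the last paragraph is missing its closing period.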
Latest revision as of 21:20, 5 March 2018
Virtual Terminal Teletype lines (VTY)
Telnet is associated with the VTY lines. Telnet uses TCP port number 23 and is one of the most commonly used protocols for remote access.
VTY Telnet Access
Active interfaces on a network router can be accessed by users on the network if not properly secured. Users or hackers might try to telnet to the router through VTY access.
To stop this from happening, the best practice is to use a standard IP access list to limit Telnet access to the router, whichever of its networks or IP addresses is targeted. Applying a standard IP access list to the VTY lines eliminates the need to specify the Telnet protocol and a destination address, since it does not matter which interface address a user or hacker is using as the target of the Telnet session.
Using a standard IP access list to restrict VTY access enables you to define which IP addresses are allowed Telnet access to the router EXEC process. You can control which workstations or networks access your router by creating an ACL and applying it to your VTY lines with an access-class statement.
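The ACL and access-class statement described above, as an added configuration example that is not part of the original notes. It assumes Cisco IOS syntax, standard ACL number 10, five VTY lines (0 through 4), and the documentation range 192.0.2.0/24 standing in for the management network; all of these are constructed values.

```cisco
! Constructed example: ACL number, addresses and VTY range are assumptions.
!
! Standard ACL: matches on SOURCE address only. No protocol, port or
! destination is given, so it does not matter which interface address
! of the router the session is aimed at.
access-list 10 remark Hosts allowed to open VTY sessions
access-list 10 permit host 192.0.2.10
access-list 10 permit 192.0.2.128 0.0.0.127
! Every ACL ends in an implicit "deny any". Writing it out with "log"
! records refused connection attempts for later review.
access-list 10 deny any log
!
! Apply the list to the VTY lines themselves, inbound, instead of
! placing a filter on each interface.
line vty 0 4
 access-class 10 in
 login
!
! Lines without the access-class remain reachable from any source, so
! the range above must cover every VTY line the device has (some
! platforms have 0 through 15).
```

After applying it, `show access-lists 10` displays the per-entry match counters, which confirms both that permitted hosts are matching and that other sources are hitting the deny entry.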