How to secure FTP & TELNET?

How to secure FTP & telnet?

 

With our guide, we are going to show you the best practice used to secure the FTP and Telnet. The checklist assists you to protect the server from attackers

 1. FTP

FTP (file transfer protocol) ,

This uses the password in clear text format, this method is unsafe to use for file transfer over the internet, because an attacker can capture the password easily.

We strongly recommend to use Winscp or sftp. With this guide we are going to show you,  how stop FTP service ?.

Stop and set it OFF at default boot level.

#service vsftpd stop

#chkconfig vsftpd off

 

2 telnet

Telnet : is a terminal emulator used to connect from one computer to another to take terminal session over the network.

The telnet uses clear text password and daemon associated with xinetd service.

Disable the service by editing  vi /etc/xinetd.d/telnet

# vi /etc/xinetd.d/telnet

 

# default: on

# description: The telnet server serves telnet sessions; it uses \

#       unencrypted username/password pairs for authentication.

service telnet

{

flags           = REUSE

socket_type     = stream

wait            = no

user            = root

server          = /usr/sbin/in.telnetd

log_on_failure  += USERID

disable         = yes   # change it to yes.

}

 

Save & Exit!

 

Restart the xinetd service changes to effect.

#service xinetd restart

Verify that the port 23 is not listening

#telnet localhost 23

Trying ::1…

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1…

telnet: connect to address 127.0.0.1: Connection refused

If you’re looking out to allow  FTP access within the LAN, then use IPTABLES rules   restrict the FTP access from known network series.  With our guide we are going to show you the  tcpwrapper service hosts.deny and hosts.allow.

Deny all by adding entry in /etc/hosts.deny

#vi /etc/hosts.deny

vsftpd : ALL

 

Save & Exit!

Next, Allow only know network or range of IP address by adding an entry in hosts.allow

#vi /etc/hosts.allow

vsftpd : 192.168.1.0/255.255.255.0

 

Save & Exit!

Restart the xinetd service changes to effect.

#service xinetd restart

 

 

 

Both comments and pings are currently closed.

Comments are closed.

Copyright ©Solutions@Experts.com
Copyright © NewWpThemes Techmark Solutions - www.techmarksolutions.co.uk