Using Telnet and FTP with a Firewall


FTP and telnet are very useful utilities. They are also very powerful utilities. For this reason, you should be careful when configuring a firewall to ensure that FTP and telnet are not used to compromise your system or network.

Firewalls employ many techniques to protect your network. However, one of the basic functions you will find in all firewalls is the capability to enable or disable ports, for both incoming and outgoing traffic. Consider the case of telnet. It may be a good idea, if your environment requires it, to allow users on your network the capability to establish a telnet session on a remote server outside of your network. The reverse, though, is not always a good idea. Because telnet allows the user to interact with the computer and issue commands at the operating-system level, it is possible that telnet could be used to (1) gather information about your systems and (2) make changes to your systems, depending on the "privileges" granted to the user account associated with the telnet session.

Yet there may be situations in which you need to allow telnet sessions from computers outside of your network. In such a case, it is a better idea to place the computer that will be the target of incoming telnet sessions in a "demilitarized zone" using a firewall. This limits telnet access to just that computer, while blocking access to other computers in your network.

The same principle applies to FTP. You might want to enable ports that allow users on your network to download files from Internet sites. For example, FTP can be used to download device driver or software updates from a vendor's site. However, it isn't always a good idea to allow users on your network to upload files to computers outside of your network. Confidential information could easily be transferred this way and go undetected. For the same reasons, you should not always allow incoming FTP sessions. If you have a business need to let customers upload files to your network, consider using a dedicated server in a demilitarized zone in the same manner you would provide a telnet service. Decide whether you want to allow both uploads and downloads, or one but not the other.
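The telnet and FTP policy described above can be written down as an ordered rule list and checked before it goes onto a real firewall. The following is an added example, not part of the original text; the addresses, the single DMZ host, and the names RULES and decide are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the original text).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")      # protected network
DMZ_HOST = ipaddress.ip_network("192.0.2.10/32")    # dedicated telnet/FTP server
ANY = ipaddress.ip_network("0.0.0.0/0")
TELNET, FTP_CONTROL = 23, 21

# Ordered rules for NEW TCP connections crossing the firewall:
# (action, source, destination, destination port; None matches any port).
# Port filtering only covers the FTP control connection; whether uploads,
# downloads or both are permitted is configured on the FTP server itself.
RULES = [
    ("deny",  ANY,      INTERNAL, None),         # no new sessions into the internal
                                                 # network, including from the DMZ host
    ("allow", INTERNAL, ANY,      TELNET),       # internal users may telnet out
    ("allow", INTERNAL, ANY,      FTP_CONTROL),  # internal users may open FTP sessions out
    ("allow", ANY,      DMZ_HOST, TELNET),       # incoming telnet: DMZ host only
    ("allow", ANY,      DMZ_HOST, FTP_CONTROL),  # incoming FTP: DMZ host only
]


def decide(src, dst, dport):
    """Return 'allow' or 'deny' for a new connection; the first matching rule wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in RULES:
        if s in src_net and d in dst_net and port in (None, dport):
            return action
    return "deny"  # default deny: any port not explicitly enabled stays closed


# Constructed connection attempts: (source, destination, destination port).
ATTEMPTS = [
    ("10.0.0.5", "198.51.100.7", TELNET),        # user telnets to an outside server
    ("198.51.100.7", "10.0.0.5", TELNET),        # outside host targets an internal PC
    ("198.51.100.7", "192.0.2.10", TELNET),      # outside host reaches the DMZ host
    ("198.51.100.7", "192.0.2.10", FTP_CONTROL), # customer opens FTP to the DMZ host
    ("192.0.2.10", "10.0.0.5", TELNET),          # DMZ host tries to reach inside
]

if __name__ == "__main__":
    for src, dst, port in ATTEMPTS:
        print(f"{src:>14} -> {dst:<14} tcp/{port:<3} {decide(src, dst, port)}")
```

The last attempt is the reason for the demilitarized zone: a session that lands on the DMZ host cannot be used to open new sessions to the internal network.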

Chapter 49, "Firewalls," explains the concept of a demilitarized zone in detail. You will also find information in that chapter about using "anonymous FTP" and some considerations for configuring servers to allow users outside your network to gain access to data as your business requires it, without compromising the rest of the network.



Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
EAN: 2147483647
Year: 2003
Pages: 434
