[c-nsp] Telnet FROM a PIX Appliance?

Reuben Farrelly reuben-cisco-nsp at reub.net
Tue Jul 1 07:29:11 EDT 2008


You also can't ssh from a PIX, but you can of course ssh to it.

So it's not IMHO likely to be a case of "telnet being insecure", but avoiding 
-all- client sourced access from a PIX out to anything else which the PIX could 
potentially connect to.

I suspect the thinking is that the PIX itself, if compromised, can't be used as 
a platform to launch into other devices in the network.  Especially given it is 
probably one device which would normally have direct and unrestricted access to 
the private and DMZ networks in most topologies...

Reuben



On 1/07/2008 9:19 PM, Aaron R wrote:
> Hi,
> 
> As we all know Telnet is plaintext and insecure. I assume they have disabled
> telnet from the firewall to encourage secure communication? 
> 
> I don't see why else they would have disabled it. Having said this they
> still enable telnet to the device which is a complete contradiction :P
> 
> Cisco?
> 
> Cheers,
> 
> Aaron.

