Security Considerations for Telnet

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Telnet clients and servers exchange data by using unencrypted characters (plaintext). If you are using password authentication, then your user name and password are not included. If you use NTLM authentication, then your user name and password are encrypted. However the rest of the Telnet session is still plaintext. Anyone with a network protocol analyzer with access to the network media can see the information in the Telnet session.

The primary option for securing your Telnet traffic is to use Internet Protocol security (IPsec), a security protocol that works at the IP layer, independent of Telnet. You can use Windows Firewall with Advanced Security to configure inbound and outbound rules that require encryption. This can include Telnet traffic, as long as both computers support IPsec. For more information, see the screencast How to Encrypt Telnet Traffic with Windows Firewall with Advanced Security and IPsec (https://go.microsoft.com/fwlink/?LinkID=189206) at the Microsoft Web site.

Other facets of security in Telnet can be controlled, such as the limiting the number of users that have simultaneous access to your Telnet server, forcing your users to use NTLM authentication, and restricting or allowing the use of administrative privileges in a Telnet session.

In this section:

See Also

Concepts

What is Telnet?
How Telnet Works
Telnet Tools and Settings
Additional Resources for Telnet