Telnet vs. Secure Shell – ip ssh

Details

Telnet is insecure by nature as it sends all traffic across the wire in clear text, including user names and passwords. Anyone snooping or sniffing network traffic will be able to intercept these credentials and potentially gain management access to the device. It is recommended to use Secure Shell (SSH) instead of Telnet, as it uses asymmetric encryption to exchange keys and create a secure management session. In addition, setting an idle timeout period for login sessions can prevent unauthorized access when a management session is left unattended.

Solution

Use the following commands to enable SSH, disable the Telnet server, and set an idle timeout of 5 minutes for SSH management sessions:

switch(config)# crypto key generate ssh
switch(config)# ip ssh
switch(config)# no telnet-server
switch(config)# idle-timeout 5

For details, refer to the chapter titled “Configuring Secure Shell (SSH)” in the ArubaOS-Switch Access Security Guide.
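
To check saved configurations for these settings, the following added example (not from this article or from Aruba documentation) audits configuration text for the three settings configured above. It assumes a saved configuration lists them with the same command text typed at the prompt, treats lines starting with ";" as comments, and treats "idle-timeout 0" as no timeout; both sample configurations are constructed.

```python
import re

MAX_IDLE_MINUTES = 5  # idle timeout used in the article

IDLE_RE = re.compile(r"^idle-timeout\s+(\d+)$")


def audit_config(text, max_idle=MAX_IDLE_MINUTES):
    """Return a list of findings; an empty list means all three settings are present."""
    # Assumption: settings appear as the same command text typed at the prompt.
    lines = [" ".join(ln.split()).lower() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]

    findings = []
    if "ip ssh" not in lines:
        findings.append("ssh: 'ip ssh' not found")
    if "no telnet-server" not in lines:
        findings.append("telnet: 'no telnet-server' not found")

    timeouts = [int(m.group(1)) for ln in lines if (m := IDLE_RE.match(ln))]
    if not timeouts:
        findings.append("idle-timeout: not set")
    else:
        minutes = timeouts[-1]  # last occurrence wins if the line is repeated
        if minutes == 0 or minutes > max_idle:  # 0 = no timeout (assumption)
            findings.append(f"idle-timeout: {minutes} min, expected 1-{max_idle}")
    return findings


# Constructed sample configurations, not captured from a real switch.
HARDENED = """\
; constructed sample
hostname "sw-lab-01"
ip ssh
no telnet-server
idle-timeout 5
"""

WEAK = """\
hostname "sw-lab-02"
idle-timeout 30
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        result = audit_config(cfg)
        print(name, "OK" if not result else result)
```

The script reads configuration text only, so it does not check for the host key created by crypto key generate ssh.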

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: ArubaOS.

Updated on July 16, 2022