During the network reconnaissance phase of a penetration test, an analyst captures traffic between an administrator's workstation and a core network switch. The traffic analysis reveals that the administrator is using Telnet for remote device management. The analyst needs to recommend the most effective single remediation to prevent credential theft and session hijacking from passive network sniffing. Which of the following recommendations should the analyst prioritize?
Use a protocol that incorporates an encrypted session, such as SSH, for device management
Require stricter passphrase standards to reduce the risk of dictionary attacks
Schedule recurring authenticated scans to detect abnormal network traffic patterns
Configure the management service on a second interface using a non-standard port
Using an encrypted protocol like SSH is the most effective and direct solution to the identified vulnerability. Telnet transmits all data, including login credentials, in cleartext, making it susceptible to eavesdropping. An encrypted protocol ensures the confidentiality and integrity of the entire management session, directly mitigating the risk of passive sniffing. While stricter password policies, network monitoring, and using non-standard ports are all security practices, they do not address the fundamental lack of encryption in the Telnet protocol itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Telnet and why is it insecure?
Open an interactive chat with Bash
What is SSH and how does it protect against passive sniffing?
Open an interactive chat with Bash
Why is encryption critical in mitigating credential theft?