Yes, it's possible to "sniff" the username/password with Telnet, as it is sent as cleartext, but modern switched networks make this somewhat more difficult. Further, anything you type while in GoGlobal (like passwords to change environments) may likely also be "sniffed". The most widely-used answer to your dilemma is the SSH (Secure Shell) protocol. For a good, free implementation, check out OpenSSH for your AW, available on sunfreeware.com. Nothing is sent as cleartext, and it will tunnel just about any TCP-based protocol over an encrypted channel (i.e., hard to "sniff"). It may even come with Solaris 8, but I'd probably still get the sunfreeware version because it is newer (with security-related software, you want as many bugs to be fixed as possible). Windoze PC clients include the previously-mentioned PuTTY (free), OpenSSH itself running in the Cygwin environment (also free), and SecureCRT (about $100 I think), among others. We use OpenSSH for session establishment and tunneling of the X protocol to Exceed on the PCs. Works great, but some applications (ICC, Display Builder/Configurator, etc.), because of the funky way the I/A software runs them, require more effort for the tunneling. GoGlobal, unlike Exceed, sets up a local X server I believe, and uses its own protocol to communicate to the PC (more like VNC) so it ought to be somewhat easier to set up the tunnel. I don't have GoGlobal, though, so I can't say for sure. Corey Clingo BASF Corp. |---------+----------------------------> | | "Penndorf, Rocco | | | (RP)" | | | <RPPenndorf@xxxxx| | | om> | | | Sent by: | | | foxboro-bounce@fr| | | eelists.org | | | | | | | | | 01/16/2004 01:47 | | | AM | | | Please respond to| | | foxboro | | | | |---------+----------------------------> >------------------------------------------------------------------------------------------------------------------------------| | | | To: "'foxboro@xxxxxxxxxxxxx'" | | cc: | | Subject: [foxboro] Go Global security issue | >------------------------------------------------------------------------------------------------------------------------------| Hello list, i've got a security question regarding GoGlobal. I've heard that Telnet program (GoGlobal is using telnet to establish session to host machine) does not code the username and password information when sending to the hostmachine. So, i've been told, it is possible by using a sniffer program to find out usernames/passwords just by "listening" the network traffic.I really don't what kind of "hacker" knowledge somebody must have to intrude into a enterprise network and catch password information but i think it's worth raising the question and ask for your experiences. Questions: (1) Is there a chance to make GoGlobal more secure? (2) Are there better (more secure) solutions on the market (please provide examples). Best Regards _______________________________ Rocco Penndorf Sr.Process Control Engineer / Acrylic Acid Plant DOW - Boehlen Tel.: +49 (0) 34206-8-7524 Fax: +49 (0) 34206-8-7522 E-Mail: rppenndorf@xxxxxxx _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave