| # 2.3.4 Ensure telnet client is not installed |
| # The telnet package contains the telnet client, which allows users to start |
| # connections to other systems via the telnet protocol. |
| # The telnet protocol is insecure and unencrypted. The use of an unencrypted |
| # transmission medium could allow an unauthorized user to steal credentials. |
| # The ssh package provides an encrypted session and stronger security and is |
| # included in most Linux distributions. |
| # Run the following command and verify telnet is not installed: |
| # Run the following command to uninstall telnet : |
| # # apt-get remove telnet |
| # Many insecure service clients are used as troubleshooting tools and in |
| # testing environments. Uninstalling them can inhibit capability to test and |
| # troubleshoot. If they are required it is advisable to remove the clients |
| # after use to prevent accidental or intentional misuse. |