Cybersecurity vulnerabilities and threats are a top priority for VeEX's products. We recognize that it is not easy to keep up with hackers these days, however, we do our best to limit access to our test sets. Because the legacy Telnet service lacks encryption, the primary defense is to keep it disabled and follow these recommendations:
- By default, Telnet and SSH are disabled in VeEX's test sets. We recommend keeping them OFF permanently, unless advised by one of our Customer Support agents during a diagnostic or troubleshooting session. (Portable test sets do not require Telnet or SSH for their normal operations.)
- We recommend to never leave a test equipment temporarily or permanently connected to public IP addresses. For remote access, we recommend connecting portable test sets to a secured private network and using EZ-Remote to access them.
- We recommend keeping test equipment behind a firewall or network access control lists (ACLs) to block all inbound traffic on TCP port 23, allowing it only from specific, trusted IP ranges. Use VPN or EZ-Remote for access.
- If for some reason the use of Telnet is required to be enabled (e.g., legacy scripting) do it on a secured network and enforce strong password rules. NEVER leave or use the default factory password.
- Keep the instrument's software up to date.
- DISABLE the instrument's Telnet and SSH services when/if not needed or being actively used.
VeEX routinely performs security scans on its products, to identify any new reported vulnerabilities that need to be addressed.
For more information about enabling and disabling telnet services, refer to the How to Establish a TELNET or SSH Connection with a VeEX Probes and Portable Test Sets article.