Hi Herbert,

 PK> What specific telnet risks do you consider allow Max to be risky?
 PK> I have had Telnet available here for local LAN access, but never
 PK> bothered setting up something for outside use, I just haven't
 PK> seen a burning need for it at this stage.

 HR> - Telnet needs an open port.
 HR> - open telnet port and remote access to commandline is possible

As far as I am aware, that is only possible if that option is configured in
the Maximus menu system. A failed Maximus process should terminate the
Serial port (real Serial ports close if Max is aborted for any reason, so I
would expect the Virtual Serial ports to close as well), which then closes
the IP Port. Or is there some other security risk you are aware of?

 HR> - remote commandline opens cracking the whole system.

To gain access to a command-line through a Maximus session, normally
requires a specific user profile (EG: Sysop level access), access to an
appropriately configured Menu Option (the Sysop levelaccess can be disabled
for Telnet ports), and enablement of the OS facilitily to pass user
commands from the Maximum process (maxpipe). If these are managaed
correctly I dont see much on an issue, unless there is an hole in one of
these... Is there something there I am missing?

 HR> You must know exactly what you does to avoid getting your system cracked.

If access to the command-line is disabled within Maximus, then unless there
is an un-announced hole somewhere, I dont see a problem.

Cheers...............pk.


--- Maximus/2 3.01