Telnet is an old client-server protocol based on a reliable connection-oriented transport. Typically, this protocol is used to establish a connection to the Transmission Control Protocol (TCP), port number 22 or 23, where a Telnet server application “telnetd” is listening. Telnet, however, predates TCP/IP and was originally run over Network Control Program (NCP) protocols. You can connect to your Synology NAS via Telnet through a client like “Putty“.
By default, Telnet does not encrypt any data sent over the connection (including passwords), and so it is often feasible to eavesdrop on the communications and use the password later for malicious purposes; anybody who has access to a router, switch, hub or gateway located on the network between the two hosts where Telnet is being used can intercept the packets passing by and obtain login, password information and whatever else is typed with a packet analyzer. Most Telnet implementations have no authentication that would ensure the communication that is being carried out between the two desired hosts is not intercepted in the middle. Several vulnerabilities have been discovered over the years.
When you run Security Advisor on your Synology NAS you can find an error on the network configurations: Telnet service is enabled. So how can you disable it and Fix? Go to Control Panel / Terminal & SNMP / Terminal / Uncheck “Enable Telnet service” then click Apply. Follow the instructions in the image below.
After clicking “Apply”, you can go back to Security Advisor and try to scan your Synology NAS again. Under the “Network-Results” tab, you will find it says the “Telnet service is disabled” which means you have correctly disabled it.
This post was updated on Wednesday / November 20th, 2019 at 11:21 PM