Ymir Vigfusson
July 8, 2025
Remember Telnet?! Well, Telnet never left. It still runs on old printers, legacy PLCs, and embedded equipment that no one dares to patch. Most security teams overlook it because no one installs it anymore and it’s protected by network segmentation. But it’s still wired into firmware, reachable over flat networks, and potentially wide open for attack.
Attackers scan for Telnet because it gives them what they want: direct shell access, cleartext credentials, and no logging. Most defenders miss it because their tools ignore it. Telnet creates blind spots that no EDR or VPN policy can close. You can’t patch it. You can’t remove it. But with Keystrike, you can limit attackers' reach, so you prevent lateral movement with this classic network protocol.
Telnet should have died with the modem. No encryption. No authentication hardening. No modern protections of any kind. But it keeps showing up in environments where no one expects it. Not because people choose it today, but because it never got removed.
Think about the printers you never upgraded, the building control systems nobody patches, or the router someone installed ten years ago and left running. If it’s old, embedded, or labeled “critical infrastructure,” there’s a good chance it still allows Telnet.
Now, combine that with one flawed assumption that’s haunted OT and legacy IT designs for decades: isolation. These systems were built under the belief that they’d stay air-gapped forever. But remote access crept in. Supply chain software was installed. Dashboards were built. Covid required more and deeper remote access than ever before. And suddenly, your “offline” box is routable.
That’s how Telnet becomes an attack vector.
Attackers don’t break what they can walk through. Telnet lets them walk. Let’s break down what makes Telnet a goldmine for lateral movement:
And once they’re in? Attackers act fast. It’s quiet. No exploits. Just credentials and misconfigurations.
You know Telnet is insecure. So why not remove it? Because in many environments, you can’t.
Here’s why:
Most defenders default to segmentation, VPNs, and jump hosts. But segmentation fails as configurations drift. VPNs get misused. And attackers use the same jump hosts to hop across systems.
That’s where Keystrike enters the picture.
Keystrike doesn’t care what protocol you’re using, Telnet, SSH, RDP, or something proprietary. It verifies how commands are created, not what protocol they’re using.
It works upstream of the session, at the physical input level. Every keystroke and mouse movement gets cryptographically signed by trusted hardware. No signature? No command execution. Even if an attacker steals credentials, opens a session, and runs commands, they’ll get blocked.
Because the session didn’t originate from a physically present human. This flips the entire threat model.
Keystrike doesn’t patch Telnet. We protect access by ensuring that only physical input leads to command execution.
You don’t need to put Keystrike on the legacy device. Instead, you deploy it on the access path: jump boxes, bastion hosts, and management terminals. That’s where attackers move and an ideal chokepoint where you can cut them off.
Here’s a typical use case:
This works in industrial controls, legacy infrastructure, and remote access gateways without changing the devices or network paths. You preserve uptime and gain integrity.
Traditional security relies on detecting known bad signatures, behaviors, and anomalies. But attackers have adapted. They use legitimate tools and valid credentials. Telnet’s just one example, but also an exploitable one that is often forgotten.
Keystrike moves the boundary by verifying the legitimacy of the interaction before the system executes a single byte.
This applies whether you’re using Telnet or any other session-based tool.
If you're securing an environment with legacy systems, and let’s be honest, most of us are, you can't just assume those systems are invisible. You need to assume attackers can find them.
Keystrike gives you a way to control the session, not just the access. It enforces real human presence at the point of input. It stops hijacking, lateral movement, and stealthy automation even on protocols as insecure as Telnet.
You didn’t create the legacy. You inherited it. Every unpatchable PLC, every forgotten badge system, every exposed Telnet port that’s technical debt dropped on your lap with no budget, no time, and no vendor support. And yet, when attackers get in through one of those cracks, it’s your name in the incident report.
Keystrike gives you leverage. Not by asking you to rip and replace, but by letting you lock down what you already have. It stops attacker automation cold. It validates human presence before the command ever hits the wire. It makes unfixable systems safe to use.
Because sometimes, the only thing standing between legacy access and lateral compromise is whether the keystrokes came from a real keyboard.
Try Keystrike in Your Environment for 30 Days
