If this is a high security system, then it is a big mistake to allow either Telnet or HP Web Console access _AT_ALL_.
Anyone capable of sniffing the root password through a root telnet is also capable of sniffing the passwords passed to sudo and to the web console.
What's that you say, web console traffic encrypted? Yes, but by crackerjack box ring decoder variety encryption. See Bugtraq postings from last year on how trivial it is to crack (much easier than the protections NIS has through Secure RPC).
I've taken HP to task on this on several occasions, but so far they haven't done anything about it (something about using too slow a processor to do real encryption - a pretty lame argument considering that this was only a few months after the thing came out and they could have long since fixed the problem by now - especially given how much they charge for these things).
If you want your system to be reasonably secure from sniffing attacks, use newer versions of OpenSSH for network access and OpenSSH connecting to an SSH-capable terminal server for console access (several vendors, including Cisco, sell such things, though it's also easy to turn an old 486 running Linux or *BSD into one). IPsec based protections would be even better (including telnet over IPsec).
Don't use regular Telnet, HP Web Console, FTP, or even older versions of SSH.
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
