Limiting Telnet capabilities

We have 3rd parties who access our unix servers via telnet for application maintenance and for diagnostics. How do we prevent them logging onto other servers in our network?