Use of TFTP

pts.
Tags:
Firewalls
Forensics
Incident response
Intrusion management
Managed security services
Network security
VPN
Wireless
Why is the use of TFTP discouraged on the network from a security perspective?

Answer Wiki

Thanks. We'll let you know when a new response is added.

It’s discouraged because other than limited permissions control on the server (directories mostly) there’s no user control, no authentication, no encryption.

Its typical use is in uploading/downloading network device configurations, firmware updates, etc. and that’s about it.

Case in point – we used to download all switch and router configurations weekly to a backup TFTP server, so that we had an audit trail of our configurations. Since I didn’t set it up, I don’t remember the particulars, but a determined internal attacker could theoretically find the TFTP server, download our router configurations, and crack the passwords. (Not firewalls – those were kept more secure)

Hope that helps,

Bob

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Franna81
    Firstly, TFTP has no directory or password capability. All trafic is transmitted in clear text(Sniffing!!!). TFTP can be used in Contingency/Recovery plans when u are looking at Routers and Switches, were the configuration and logs/errors will be stored on TFTP. TFTP is using port 69, so make sure u are blocking this on your firewall. If u want to use TFTP, my recommendation is to use SSH for connection establishment. For more reading go to www.rfc-editor.org and search for TFTP or RFC1350. Hope this helps.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following