It's discouraged because other than limited permissions control on the server (directories mostly) there's no user control, no authentication, no encryption.
Its typical use is in uploading/downloading network device configurations, firmware updates, etc. and that's about it.
Case in point - we used to download all switch and router configurations weekly to a backup TFTP server, so that we had an audit trail of our configurations. Since I didn't set it up, I don't remember the particulars, but a determined internal attacker could theoretically find the TFTP server, download our router configurations, and crack the passwords. (Not firewalls - those were kept more secure)
Hope that helps,
Bob
Firstly, TFTP has no directory or password capability. All traffic is transmitted in clear text (Sniffing!!!). TFTP can be used in Contingency/Recovery plans when you are looking at routers and switches, where the configuration and logs/errors will be stored on TFTP. TFTP uses port 69, so make sure you are blocking this on your firewall. If you want to use TFTP, my recommendation is to use SSH for connection establishment.
For more reading go to http://www.rfc-editor.org and search for TFTP or RFC1350.
Hope this helps.
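
The points made in both posts above (no authentication, everything in clear text) can be seen in the RFC 1350 packet layout itself. The following is an added example, not part of either post: a Python decoder for TFTP packets plus an allow-list check over requests sent to port 69. The addresses, file name and allow list are constructed sample values.

```python
import struct

# TFTP opcodes from RFC 1350
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}

def parse_tftp(payload: bytes) -> dict:
    """Decode one TFTP packet (the UDP payload) per RFC 1350."""
    if len(payload) < 4:
        raise ValueError("too short for TFTP")
    (opcode,) = struct.unpack("!H", payload[:2])
    name = OPCODES.get(opcode)
    if name is None:
        raise ValueError(f"unknown opcode {opcode}")
    if name in ("RRQ", "WRQ"):
        # Request = opcode | filename | 0 | mode | 0. No user or password field exists.
        parts = payload[2:].split(b"\x00")
        if len(parts) < 3 or not parts[0] or not parts[1]:
            raise ValueError("malformed request")
        return {"op": name, "filename": parts[0].decode("ascii", "replace"),
                "mode": parts[1].decode("ascii", "replace").lower()}
    (num,) = struct.unpack("!H", payload[2:4])
    if name == "DATA":
        return {"op": name, "block": num, "data": payload[4:]}
    if name == "ACK":
        return {"op": name, "block": num}
    msg = payload[4:].split(b"\x00")[0].decode("ascii", "replace")
    return {"op": name, "code": num, "message": msg}

def flag_requests(packets, allowed_clients):
    """Return (src, op, filename) for requests from hosts not on the allow list."""
    alerts = []
    for src, payload in packets:
        try:
            pkt = parse_tftp(payload)
        except ValueError:
            continue  # not TFTP, ignore
        if pkt["op"] in ("RRQ", "WRQ") and src not in allowed_clients:
            alerts.append((src, pkt["op"], pkt["filename"]))
    return alerts

# Constructed sample traffic: (source IP, UDP payload)
SAMPLE = [
    ("192.0.2.10", b"\x00\x02router1-confg\x00octet\x00"),  # device writing its backup
    ("192.0.2.77", b"\x00\x01router1-confg\x00octet\x00"),  # read from an unlisted host
    ("192.0.2.10", b"\x00\x03\x00\x01hostname router1\n"),   # file content, unencrypted
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE, allowed_clients={"192.0.2.10"}))
```

Because the protocol carries no credentials, the source address is the only thing a monitor or server ACL can key on, which is why restricting port 69 at the network layer matters.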