Re: tftp security issues

Rajasekhar Raman · ‎10-02-2002

Are there any known security risks with tftp. Is it recommended that this service be disabled to have a more secure environment.

Also, does swinstall use tftp to do the remote installations ??

Thanks for you input.

-Shekar Raman

Donald Kok · ‎10-02-2002

Hi Shekar,
Yes tftp is unsecure, and hardly used these days. It is used by ignite to make and perform a net recovery. It is also used by omniback to push an agent. It is used by X-terminals, like Envizex. That's about it AFAIK. normally you can disable the service.

I think swinstall uses nfs as the network protocol , but I am not 100% sure.

Greetzz
Donald

My systems are 100% Murphy Compliant. Guaranteed!!!

Sridhar Bhaskarla · ‎10-02-2002

Hi Shekar,

tftp is unsecured in the sense it does not prompt for the passwords. So, depending on the tftp server configuration and the permissions on the server, there is a good chance that it can be a target of attack.

One other thing is that it does not encrypt the communication.

swinstall does not use tftp for sure for remote installations. I believe, it uses DCE/RPC.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: tftp security issues

tftp security issues

Re: tftp security issues

Re: tftp security issues