On 12/9/05, Brian Wall <kc0iog at gmail.com> wrote:
> After avoiding it for many years, it's finally come time to set up a
> TFTP server.
>
> My gut reaction to setting up TFTP is "security, security, security".
> The primary purpose of the server will be to store config files for
> various devices (router and switches mostly).  TFTP sounds insecure
> from the very conception.  Are there any guides to setting up a sane,
> secure TFTP environment?

You probably already know this, but TFTP, by its very nature, is
insecure.  It doesn't have the concept of logins or other types of
authentication.  I'd say there are three basic things you could do to
"secure" your TFTP install.

1.  Make all the files in the TFTP root dir read-only.
2.  Do *not* allow access to TFTP from the internet.
3.  Limit access to the TFTP port to the hosts that need it.  This
would be quite easy w/ iptables.
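
The three items above as a shell sketch, added here as an illustration and not part of the original post. The function names are hypothetical, the addresses are documentation-range placeholders, and the TFTP root path is whatever the caller passes in.

```shell
#!/bin/sh
# Added illustration; function names and sample addresses are hypothetical.

# Item 1: list regular files under the TFTP root that anyone can write to.
writable_files() {
    find "$1" -type f \( -perm -200 -o -perm -020 -o -perm -002 \)
}

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so
# nothing else can be smuggled into a generated rule.
valid_src() {
    addr=${1%/*}; bits=32
    case $1 in */*) bits=${1#*/} ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Items 2 and 3: print an iptables-restore fragment that admits TFTP
# requests (UDP 69) from the listed sources and drops them from anyone else.
tftp_rules() {
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo '*filter'
    # The server answers from a fresh UDP port, so the client's follow-up
    # packets match here (ESTABLISHED, or RELATED with the TFTP conntrack
    # helper) and not the port-69 rule below.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -s $src -p udp --dport 69 -j ACCEPT"
    done
    echo '-A INPUT -p udp --dport 69 -j DROP'
    echo 'COMMIT'
}

# Usage (as root), with placeholder path and addresses:
#   writable_files /path/to/tftproot
#   tftp_rules 192.0.2.10 198.51.100.0/24 | iptables-restore --noflush
```

With `--noflush` the rules are appended, so an earlier ACCEPT already in INPUT still wins; check the order with `iptables -S INPUT` after loading.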