Such vulnerable information could give potential attackers critical information about your network, including exactly what kinds of traffic are allowed through the firewall.īecause of this insecurity, you should put your TFTP server on an isolated LAN that only the necessary equipment (such as routers and switches) can reach. Do you want or care if someone gets all of the files from this directory? If not, the security issue is not as important.īut most of us don’t want just anyone getting their hands on router and firewall configurations. A good rule of thumb is this: Assume that all of the files in the TFTP root directory of your TFTP server are readable by anyone. If a TFTP server is placed behind a firewall and you trust the users on the LAN, the security problem is somewhat lessened. The purpose of TFTP is to send and receive data to and from pretty much anyone who asks, regardless of who they are. TFTP, by design, isn’t a very secure protocol to use. Listing A shows the report generated on the Cisco TFTP server’s main window. The Cisco TFTP server main window also reports on the progress and status of the download. When I looked in the TFTP server’s root directory, I saw a file named pixcfg.txt. The signified that the configuration was indeed backed up. If you are not using Cisco, please refer to your system documentation for the syntax to back up your hardware configurations to a TFTP server. TFTP write ‘/pixcfg.txt’ at 172.16.1.207 on interface 1 These commands work for the Cisco PIX and other Cisco equipment. Then, I ran the commands below, which backed up the network hardware configuration. To do this, I made sure I was in enable mode on my firewall. To illustrate how TFTP can be used to back up your network hardware configuration, I’ll run through the process of backing up my Cisco PIX firewall to my desktop machine, which has the IP address of 172.16.1.207. Make note of the TFTP server root directory, because this is where the files you transfer to the machine will be located, and it’s also the location where you will place files you need to transfer from the server onto a network device. Here you see the Cisco TFTP server options. Figure A shows the default option settings. To see how your TFTP server is set up, choose View | Options. You’ll notice that this program offers very few options. To start the Cisco TFTP server, click the shortcut on your desktop. You don’t need to reboot to run the TFTP server. When complete, you will have a new program item on your desktop and the Start menu that runs the TFTP server. If you accept all the defaults, the server will be installed into C:\Program Files\Cisco Systems\Cisco TFTP Server. To begin, simply double-click the downloaded file to extract the files. It’s simple to install, set up, and use this TFTP server, which should prove adequate for the needs of most network administrators. In this section, I will explain how to set up the Cisco TFTP server on a Windows 2000 Server running Service Pack 2. Click on the Try Now link on the right-hand side of the page to be directed to the download page. You’ll need the file SolarWinds-TFTP-Server.exe. The SolarWinds TFTP server is available on the SolarWinds Web site. You’ll need the file TFTPServer1-1-980730.exe. Once you’ve registered and logged in, download the TFTP server. To register, you need a valid e-mail address. To download the Cisco TFTP server, you need to be a registered member of the Cisco site with a login ID and password. In this Daily Feature, I will explain how to download and set up both Cisco’s and SolarWinds’ free TFTP servers on a Windows 2000 server. But there are many providers of full TFTP servers that are sufficient to serve your needs. Since TFTP is not as ubiquitous as FTP, setting it up is not quite as simple as installing the Internet Information Services on your Windows 2000 Server. Also, be sure to use TFTP on a server that includes additional security control, such as a Windows 2000 server. It’s a good idea to place such a server behind a firewall. However, because of its inherent insecurity, you must take special care in the design and configuration of a TFTP server. TFTP is a very versatile protocol that can be used for a variety of tasks, including backing up network configurations, upgrading code, and remote-booting devices without hard drives. Scott Lowe shows you how to set up both the Cisco and the SolarWinds TFTP servers. When your Cisco router fails and you need to reload the operating system, you'll regret not setting up that TFTP server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |