This article provides recommendations for securing the TFTP server.
By default, the TFTP server provides very limited access to your system. It is specifically configured to provide the initial code for thin
clients. As a security administrator, you should be aware of the following
characteristics of the TFTP server:
- The TFTP server does not require authentication (a user ID and password).
All TFTP jobs run under the QTFTP user profile. The QTFTP user profile does
not have a password. Therefore, it is not available for interactive sign-on.
The QTFTP user profile does not have any special authorities, nor is it explicitly
authorized to system resources. It uses public authority to access the resources
that it needs for the thin clients.
- As shipped, the TFTP server is configured to access the directory
that contains thin client information. Either *PUBLIC or QTFTP must be authorized
to read or write to that directory. To write to the directory, you must have
*CREATE specified on the Allow file writes parameter
of the CHGTFTPA command. To write to an existing file, you
must have *REPLACE specified on the Allow file writes parameter
of CHGTFTPA. *CREATE allows you to replace existing files
or create new files. *REPLACE only allows you to replace existing files.
A TFTP client cannot access any other directory unless you explicitly define
the directory with the Change TFTP Attributes (CHGTFTPA)
command. Therefore, if a local or remote user does attempt to start a TFTP
session to your system, the user's ability to access information or cause
damage is extremely limited.
- If you choose to configure your TFTP server to provide other services
in addition to handling thin clients, you can define an exit program to evaluate
and authorize every TFTP request. The TFTP server provides a request validation
exit similar to the exit that is available for the FTP server.
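
The following Python sketch is an added example, not IBM code and not the exit program interface itself. It models the decision a request validation exit could make, combining the directory restriction with the *CREATE and *REPLACE rules described above. The directory name, the function names, and the use of None for "no write value specified" are assumptions made for illustration.

```python
import posixpath

# Hypothetical directory; the page does not name the shipped thin-client path.
ALLOWED_DIRS = ("/example/thinclient",)

def normalize(path):
    """Resolve '.', '..' and repeated slashes before any directory comparison."""
    return posixpath.normpath("/" + path.replace("\\", "/").lstrip("/"))

def in_allowed_dir(path, allowed_dirs=ALLOWED_DIRS):
    p = normalize(path)
    # Compare with a trailing slash so /example/thinclientX does not match.
    return any(p.startswith(d.rstrip("/") + "/") for d in allowed_dirs)

def authorize(op, path, file_exists, allow_writes=None, allowed_dirs=ALLOWED_DIRS):
    """Return (allowed, reason). allow_writes is '*CREATE', '*REPLACE', or
    None when neither value is specified (modelling assumption)."""
    if not in_allowed_dir(path, allowed_dirs):
        return False, "outside configured directories"
    if op == "read":
        return (True, "read") if file_exists else (False, "file not found")
    if op != "write":
        return False, "unknown operation"
    if allow_writes == "*CREATE":
        return True, "create or replace"
    if allow_writes == "*REPLACE" and file_exists:
        return True, "replace existing file"
    if allow_writes == "*REPLACE":
        return False, "*REPLACE does not create new files"
    return False, "writes not enabled"

# Constructed sample requests: (operation, path, file exists, Allow file writes value)
SAMPLES = [
    ("read", "/example/thinclient/boot.img", True, None),
    ("read", "/example/thinclient/../other/data", True, None),
    ("write", "/example/thinclient/new.cfg", False, "*REPLACE"),
    ("write", "/example/thinclient/new.cfg", False, "*CREATE"),
]

if __name__ == "__main__":
    for op, path, exists, mode in SAMPLES:
        print(op, path, mode, authorize(op, path, exists, mode))
```
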