ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpsectftp.htm

67 lines
4.2 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Secure the TFTP server" />
<meta name="abstract" content="This article provides recommendations for securing the TFTP server." />
<meta name="description" content="This article provides recommendations for securing the TFTP server." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcptftp.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpsectftp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Secure the TFTP server</title>
</head>
<body id="tcpsectftp"><a name="tcpsectftp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Secure the TFTP server</h1>
<div><p>This article provides recommendations for securing the TFTP server.</p>
<p>By default, the TFTP server provides very limited access to your system. It is specifically configured to provide the initial code for thin
clients. As a security administrator, you should be aware of the following
characteristics of the TFTP server:</p>
<ul><li>The TFTP server does not require authentication (a user ID and password).
All TFTP jobs run under the QTFTP user profile. The QTFTP user profile does
not have a password. Therefore, it is not available for interactive sign-on.
The QTFTP user profile does not have any special authorities, nor is it explicitly
authorized to system resources. It uses public authority to access the resources
that it needs for the thin clients. </li>
<li>When the TFTP server arrives, it is configured to access the directory
that contains thin client information. You must have *PUBLIC or QTFTP authorized
to read or write to that directory. To write to the directory you must have
*CREATE specified on the <span class="parmname">Allow file writes</span> parameter
of the <span class="cmdname">CHGTFTPA</span> command. To write to an existing file you
must have the *REPLACE specified on the <span class="parmname">Allow file writes</span> parameter
of <span class="cmdname">CHGTFTPA</span>. *CREATE allows you to replace existing files
or create new files. *REPLACE only allows you to replace existing files. <p>A
TFTP client cannot access any other directory unless you explicitly define
the directory with the Change TFTP Attributes (<span class="cmdname">CHGTFTPA</span>)
command. Therefore, if a local or remote user does attempt to start a TFTP
session to your system, the users ability to access information or cause
damage is extremely limited.</p>
</li>
<li>If you choose to configure your TFTP server to provide other services
in addition to handling thin clients, you can define an exit program to evaluate
and authorize every TFTP request. The TFTP server provides a request validation
exit similar to the exit that is available for the FTP server.</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcptftp.htm" title="These articles discuss methods for securing the TFTP server for authorized users and preventing access to the TFTP server.">Security considerations for using TFTP server</a></div>
</div>
</div>
</body>
</html>