I'm looking for a way to set up clients in a network and have used TFTP so far. Messing around with the server, I was able to do a path traversal with something similar to `GET asdf/../../../../windows/win.ini`. For this and other security considerations I'd like to switch to something more secure. As far as I know, setting up clients with PXE over the network always uses DHCP and TFTP to download the images. I've seen the possibility to run the TFTP service in a chrooted environment or filter incoming traffic on port 69 to make it more secure. I'm not too fond of this, because I think there should be a better way than deactivating the service or filtering traffic. Also, it'd be nice to get away from TFTP completely. Are there any other alternatives under Windows?

user857990
  • In the beginning of your post you sound like you want to exchange the `TFTP` protocol with a more secure solution. Later in the post you sound like you are only looking for a way to secure `TFTP` without replacing it. What do you want to do? – replay Feb 22 '13 at 08:50
  • If there is a solution that I can make `TFTP` more secure I'm happy. If there is a solution that uses a more secure protocol I'd be happier. :) – user857990 Feb 22 '13 at 09:04
  • What are the _assets_ you are trying to protect, and what are the _threats_ you are trying to protect them from? – Michael Hampton Feb 22 '13 at 11:27
  • @MichaelHampton Just commented on the answer below. – user857990 Feb 22 '13 at 11:40
  • Welcome to Server Fault. It's better to edit your question when providing additional details, as many people will not see the comments (e.g. on the mobile site) or will skip over them. Editing also bumps your question to the top of the homepage again, while leaving a comment does not. – Michael Hampton Feb 22 '13 at 11:43

1 Answer

What is the security concern?

Is your concern the TFTP server might get hacked and the system abused for something else? Then something like a chroot solution would make the most sense.

Is your concern the TFTP server might get hacked and the images that it distributes are getting modified? Then the best thing to do would be to run the TFTP server process as a user which has no filesystem permissions to modify these image files. Furthermore, many TFTP servers can be started in read-only mode.

Or is your concern that somebody else is going to put a DHCP server in your network and start distributing his own images via TFTP to your clients? Then you will probably need to think about using another solution than PXE boot.

You also talk about filtering traffic. I think the question of whether filtering makes sense depends heavily on your case. If you have only a limited number of valid clients, you can probably create something like a whitelist of IPs that can connect in iptables. Otherwise, if you have more like millions of clients (e.g. an ISP distributing ROMs for modems), filtering will be harder.

replay
  • Read/write permission is a valid point. Messing around with the server I was able to do a path traversal with something similar to `GET asdf/../../../../windows/win.ini`, which is actually my concern and what I would like to prevent. – user857990 Feb 22 '13 at 11:38
  • It would probably be possible to prevent such things via some settings in the TFTP server. But the absolute safest way to prevent this from happening is to put it into a chroot. – replay Feb 22 '13 at 11:52
  • I edited my original question. Hope it makes things clearer. – user857990 Feb 22 '13 at 12:13
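
The server-side check that the answer and its comments refer to (read-only mode plus confining requests to the TFTP root) can be sketched as follows. This is an added example, not code from any participant or from a particular TFTP server; the function names, the `/srv/tftp` root and the sample filenames are assumptions, and the packets are constructed. It complements a chroot rather than replacing it.

```python
import os

OP_RRQ, OP_WRQ = 1, 2  # RFC 1350 opcodes: read request, write request

def parse_request(packet: bytes):
    """Split an RRQ/WRQ (opcode | filename | 0 | mode | 0) into its fields."""
    opcode = int.from_bytes(packet[:2], "big")
    fields = packet[2:].split(b"\x00")
    if opcode not in (OP_RRQ, OP_WRQ) or len(fields) < 3 or not fields[0]:
        raise ValueError("not a well-formed read/write request")
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()

def confine(root: str, requested: str) -> str:
    """Return the real path of `requested` under `root`, or raise PermissionError."""
    name = requested.replace("\\", "/")  # Windows clients may send backslashes
    if name.startswith("/") or ":" in name:
        raise PermissionError("absolute path or drive letter: %r" % requested)
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks, so a link inside the root
    # that points elsewhere is caught by the containment test as well.
    target = os.path.realpath(os.path.join(root_real, *name.split("/")))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError("escapes TFTP root: %r" % requested)
    return target

def authorize(packet: bytes, root: str, read_only: bool = True) -> str:
    """Decide whether a request may be served; returns the file path to open."""
    opcode, filename, _mode = parse_request(packet)
    if read_only and opcode == OP_WRQ:
        raise PermissionError("write requests are disabled")
    return confine(root, filename)

def rrq(filename: str, opcode: int = OP_RRQ) -> bytes:
    """Build a constructed sample request packet (octet mode)."""
    return opcode.to_bytes(2, "big") + filename.encode() + b"\x00octet\x00"

if __name__ == "__main__":
    root = "/srv/tftp"  # hypothetical root directory
    samples = ["boot/client.img", "asdf/../../../../windows/win.ini", "..\\..\\boot.ini"]
    for name in samples:  # constructed filenames; the second is from the question
        try:
            print("serve ", authorize(rrq(name), root))
        except PermissionError as exc:
            print("reject", exc)
```
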