Implementing Tftp; Security - 3Com corebuilder 3500 Implementation Manual

Implementing TFTP

Security

The Trivial File Transfer Protocol (TFTP) is simpler to use than FTP but has
less functionality. TFTP uses UDP as its transport protocol, with a simple
stop-and-wait acknowledgment system. Because TFTP has an effective
window of only one 512-octet segment, its performance cannot match
that of FTP. The most common application for TFTP is bootstrapping a host
over a local network.
Important Considerations
Consider the following guidelines before you select TFTP:
TFTP does not provide access control or security, so use TFTP only when
authentication and directory visibility are not required.
Because TFTP provides no user authentication, you must give loose
permission to files that are located on your system, that is, make files
publicly readable and writable. Otherwise, the TFTP server does not
grant requests for file access.
You must create two files when you are using the save nvData option
over TFTP. See "Saving nvData" in this chapter.
For more information on TFTP, see your TFTP server documentation.
You can limit IP management access to your system through the
Administration Console or the Web Management software as follows:
On the Administration Console, you can limit IP management access
through the
system console security
On the Web Management software, use a security option in the
WebManage folder on the Web console.
To limit IP management access, you can use the
option to configure up to 5 IP addresses or 5 subnetworks,
security
called trusted IP clients. If an IP address or subnet is not on the trusted IP
client list, the IP address or subnet cannot be used to access the system
using the Web Management software, Administration Console, or SNMP.
If you do not configure trusted IP clients on the system, a user with the
appropriate password at a remote device can access the system.
Security
menu.
system console
49