What alternatives exist to using TFTP in setup

windows tftp

Solution 1:

what is the security concern?

Is your concern the TFTP server might get hacked and the system abused for something else? Then something like a chroot solution would make the most sense.

Is your concern the TFTP server might get hacked and the images that it distributes are getting modified? Then the best thing to do would be to run the TFTP server process as a user which has no filesystem permissions to modify these image files. Furthermore, many TFTP servers can be started in read only mode.

Or is your concern that somebody else is going to put a DHCP server in your network and starts distributing his own images via TFTP to your clients? Then you will probably need to think about using another solution than pixie boot.

You also talk about filtering traffic. I think the question if filtering make sense or not depends heavily on your case. if you have only a limited amount of valid clients, you can probably create something like a whitelist of IPs that can connect in iptables. Otherwise, if you have more like millions of clients (f.e. an ISP distributing ROMs for modems), filtering will be harder.

Related

iptables NETMAP not reliably adjusting source address of multicast UDP packets
Restore File Owner from Backup, but not Content
Nginx - changing root folder for specific url gives 404 error
md raid5 extremely slow on discard
Kubernetes on OpenStack [closed]
Kubernets 1.21.3 The recommended value for "clusterCIDR" in "KubeProxyConfiguration"
Hyper-V virtual machine upload speed unbelievably slow
ISP configured Dynamic IP is different from what websites see when I access them
HP Proliant DL360 G7 Wont Boot from USB
Ansible 2.9.21: unwanted escape char “\” is added in shell command
Storing SQL Server System Databases On A Seperate Drive
Setted Apache subdomain redirect to another subdomain