What is the TFTP protocol?
It arose at the beginning of the the 80’s, so it is not exactly a recent protocol. It is used to regulate the transfer of files between a client and a server. It works easily and allows you to send small files.
Its name will inevitably lead us to make a similarity to FTP, which is a much better known and used protocol. However, there is a clear difference, and that is that TFTP is much simpler to use. This logically also makes it more limited. It is useful for example when there is no need for user authentication.
This that we comment also causes it to have limitations in terms of security. To the transfer files and not having to authenticate, causes risks to appear.
Generally uses the UDP port 69 to perform the file transfer, although this can be changed by the sender and receiver. This is an important difference from FTP, which uses TCP for file transfer and in this case it is secure.
What is TFTP used for?
The TFTP protocol was mainly designed to be able to read or write files remotely, through a server. But, as we will see, it has many more uses than just what we mentioned.
Reading and writing files
The main use is that of read or send small files. For example an email or a system folder. It is usually used to transfer files used to start a computer or to configure a system between different devices that are connected to each other.
It is commonly used when these devices are connected within the same network. We have seen that no authentication is required, so outside of that network it could be a major security issue.
Devices that do not have a hard drive
It is also used in devices that they don’t have a hard drive to store files. This allows TFTP to use a small part of the memory and for example to be able to boot a network or a system.
This makes it possible to dispense with that memory, such as a hard disk, which would be necessary in the case of using other similar file transfer protocols. It will allow us to start a computer remotely without the need for a hard drive.
An important point to highlight and that allows the TFTP protocol to be carried out is to create Backups. We can do it with the network configuration of a computer. We are talking about small files that we can transfer easily and that it will not be necessary to authenticate.
We can also create these backups from the router configuration. This will allow us to have those files in case there is a problem and we want to return to the previous state.
Scan for Viruses
Although today it is a much less used and popular protocol than it was a few decades ago, the truth is that TFTP is still useful when it comes to analyzing a computer to detect potential threats in the form of malware.
It can act in a way that reduces the load on a system and allows us to analyze files in a simple way. Those responsible for security on certain occasions rely on this protocol.
Equipment with little capacity
Despite the fact that it is a simple protocol and that today we can say that it has become outdated if we compare it with other more recent ones, the truth is that it is still used. One of the reasons is to take advantage of its simplicity on computers that do not have a large capacity and not have to use many resources to transfer files or be able to configure something.
It is usually used in devices such as a router, a VoIP central and the like. For example allows update firmware without having a hard drive or being able to configure something.
Security, a problem for the TFTP protocol
We have seen that it is a very old protocol and that it is only used for basic and specific things. However, the security it is a problem that is present. On the one hand, there is the fact that transferring files is not secure as it does not require authentication, but it can also serve as a means of attack.
Cases have been seen of vulnerabilities in the TFTP protocol that affect its own operation and that makes any equipment that has it enabled can be affected. We talk about DrDoS attacks, which is basically a scaling-up DDoS attack. What this type of attack does is look for the service request or access packets and generate a large quantity.
A solution to avoid security problems with the TFTP protocol is to disable it in case we are not using it. However, this is something that the teams that have it enabled today is because it may be necessary.
Whenever possible, the ideal is to use other file transfer protocols such as SCP or SFTP. For example, Windows 10 has this protocol disabled as standard, although it is available to enable if we need it.
How to enable TFTP in Windows 10
For enable TFTP in Windows 10 We have to go to the Control Panel, enter Programs and click on Programs and Features. On the left we will see the section on Activate or deactivate Windows features. There we will see different characteristics that we can add if they interest us.
To enable TFTP we just have to check the box and click OK. The process will take a moment and it will already be enabled in the operating system and we can use it. However, as we have seen today, it is somewhat outdated and has certain security risks. Unless we need to use it, it is best to leave it disabled.
In short, TFTP is a simple file transfer protocol that allows us to read or write small files and exchange them between devices. Although it is an old protocol, today it is still used in certain circumstances.