Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Software serving simple file transfers over UDP port 69 with no authentication or encryption, used for router/switch configs and firmware on trusted networks.
TFTP Server Definition: Software serving simple file transfers over UDP port 69 with no authentication or encryption, used for router/switch configs and firmware on trusted networks.
A TFTP (Trivial File Transfer Protocol) server is software that provides simple file transfers to and from network devices using UDP port 69. It is intentionally minimal, with no authentication and no encryption, which makes it fast and lightweight and well suited to transferring configuration files, firmware images, and boot files within a trusted local network.
TFTP, defined in RFC 1350, uses a basic lock-step protocol: the client requests a read or write, and data is exchanged in fixed-size blocks (originally 512 bytes), each acknowledged before the next is sent. Running over connectionless UDP rather than TCP keeps the implementation tiny enough to fit in device firmware and bootloaders, which is why it is common for PXE network booting and for pushing images to routers and switches.
From a security standpoint, TFTP's simplicity is also its risk. Because it offers no authentication, no access control, and no encryption, anyone who can reach the server can potentially read or overwrite files, and any transferred data, including device configurations containing secrets, travels in cleartext open to sniffing. As a result, TFTP servers should run only on isolated management networks, be disabled when not in use, and be replaced by SCP or SFTP for any transfer crossing untrusted segments.
For example, a network engineer upgrading a switch points it at a TFTP server to download a new IOS firmware image and to back up its running configuration. The transfer succeeds quickly over UDP port 69, but because that configuration may contain SNMP strings and password hashes sent in the clear, the engineer runs the TFTP server only on a dedicated out-of-band management VLAN and shuts it down immediately afterward, limiting the window in which an attacker could intercept or tamper with the files.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →