FTP/TFTP enabled on server?

Status
Not open for further replies.

heathersuzanne

Technical User
Jan 8, 2007
244
US
Hi everyone,

I'm in a training class now, and my teacher told me that we should NEVER enable FTP or TFTP on the 8xxx servers - that it's some sort of security issue. All my 8300's have it enabled - in fact we are using the FTP on the server itself for phone registration. My teacher tried to explain why this was wrong but I just don't get it - why is that so bad? Something about opening port 23 to the world...?? Any clues? How worried should I be about my systems set up this way? Thanks!!!

:)
 
I think your teacher is confused with 'Telnet'. Telnet uses port 23 and is not secure and anything you type can be seen in a sniffer trace, i.e., passwords etc.

In CM4 telnet is disabled by default and you must SSH to CM.

It's ok to use the S8300 as a TFTP server for upgrades.
 
As long as you're not going over 100 phones at a site, you should be fine using the S-8xxx as the TFTP / HTTPS server for your phone firmware needs.
 
Your teacher is correct. You can use the TFTP/FTP function of the SXXX server but it does create a security risk.

The SXXX server is a Linux server. TFTP/FTP are the largest security risks for Linux in general and it has nothing to do with the fact that it's an Avaya product.

If your network is secure then you may not even have to worry about it but if you aren't sure I would do a little research.


You can google "linux ftp security" and find plenty of information on this issue. With most Linux devices there are things you can do to close up the holes in security even while enabling FTP/TFTP services. However, because this is an Avaya product, you are not allowed to make said changes to the system without voiding your warranty.

The best solution is to simply use an external FTP/TFTP server.

 
If you want to enable FTP services on the server, try: sudo ftpserv on.

This command allows you temp access to the server for downloading patches.
 
Just for the fun of it, when you return from class start a sniffer like wireshark on the same LAN segment, start an FTP session, and you know why.
FTP and TFTP send their passwords over the network 'plain-text'. In other words: anyone doing that can get access to your systems.
Port 23 is telnet, same thing...
SSH usually is a good replacement for telnet, as this is more secure.
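
Added example, not part of any post in this thread and not Avaya tooling: a shell function that reads `ss -H -tuln` output and flags listeners for the cleartext services discussed above, FTP (21/tcp), Telnet (23/tcp) and TFTP (69/udp), noting whether each is bound to the network or only to loopback. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Flags listeners for the cleartext services named in the
# thread: FTP (21/tcp), Telnet (23/tcp), TFTP (69/udp).
# Function names and the sample listing below are constructed.

# Reads `ss -tuln` style lines on stdin:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Prints one line per finding: SERVICE PORT/PROTO BIND-ADDRESS SCOPE
flag_cleartext_listeners() {
    awk '
    $1 == "Netid" { next }                 # skip header if -H was not used
    {
        proto = $1
        n = split($5, parts, ":")
        port = parts[n]                    # last field, works for [::]:21 too
        addr = substr($5, 1, length($5) - length(port) - 1)
        svc = ""
        if (proto == "tcp" && port == "21") svc = "FTP"
        else if (proto == "tcp" && port == "23") svc = "Telnet"
        else if (proto == "udp" && port == "69") svc = "TFTP"
        if (svc == "") next
        # A loopback-only bind is not reachable from the LAN.
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "network"
        printf "%s %s/%s %s %s\n", svc, port, proto, addr, scope
    }'
}

# Constructed sample of `ss -H -tuln` output (not from a real system).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      32           0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      10         127.0.0.1:23         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
EOF
}

# Demo on the sample; on a live host: ss -H -tuln | flag_cleartext_listeners
sample_ss_output | flag_cleartext_listeners
```

SSH on port 22 is intentionally not flagged, since its session is encrypted.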
 