
Re: [FW-1] NTP



If you're really concerned about security implications of the open port, you can get
an internal (GPS) timeserver like a Truetime box. These run off a dish on the roof and act
as a stratum one server on your LAN. They have a fancy one with a dial backup in case
the dish dies.

Meanwhile you can set your Unix boxes to not respond to timestamp requests etc. and use a FW
rule to allow NTP from that one source to your one server. It's a start anyhow!
But generally I don't know of any 'big' holes in NTP. Doesn't mean there aren't a bunch. ;-)

Your setup sounds fine. Use one server to contact the master server, and have all of your
hosts contact your server for time. I do this and it works great. Get your firewalls, routers, etc. all
on the same time. A big help when going through logs to see what's going on!

Also, to hold up in court, I've heard you have to have time stamps agreeing to the ms or the evidence will not hold up.
Anyone know if that's true or not?

hth

Joe

>>> Newsgroups <[email protected]> 02/04/02 08:19AM >>>
Hi listers,

Do any of you know of any security issues with the NTP protocol (port 123)?
We would like to set up one internal server to serve as internal time server
(synced with the Internet), where all other servers will point to. The
reason for doing this is that we have some time oriented rules on the FWs which
have to work together.

Also tips and tricks for the best way (tools?) for setting up an NTP server
are welcome.

With kind regards,

Marco Schelling



=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
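Added example, not part of the original thread: one way to check that accepted firewall traffic matches the design discussed above (a single internal time server talking to a single upstream source, all other hosts asking only that server). The addresses and the log line format are constructed assumptions, not FW-1 output.

```python
import ipaddress
import re

# Assumed values for illustration; none of these come from the thread.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TIME_SERVER = ipaddress.ip_address("10.0.0.5")   # the one internal NTP server
UPSTREAM = ipaddress.ip_address("192.0.2.10")    # the one approved outside source

# Constructed log format: "<time> <action> udp <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(r"(\S+) (ACCEPT|DROP) udp (\S+):(\d+) -> (\S+):(\d+)$")

SAMPLE = """\
2002-02-04T08:00:01 ACCEPT udp 10.0.0.5:123 -> 192.0.2.10:123
2002-02-04T08:00:01 ACCEPT udp 192.0.2.10:123 -> 10.0.0.5:123
2002-02-04T08:00:07 ACCEPT udp 10.0.3.21:1027 -> 10.0.0.5:123
2002-02-04T08:01:12 ACCEPT udp 10.0.3.44:123 -> 198.51.100.7:123
2002-02-04T08:02:30 DROP udp 203.0.113.9:4000 -> 10.0.0.5:123
2002-02-04T08:03:05 ACCEPT udp 203.0.113.9:4000 -> 10.0.0.5:123
2002-02-04T08:04:00 ACCEPT udp 10.0.3.21:1030 -> 10.0.0.9:53
""".splitlines()

def violation(src, dst):
    """Return None if an NTP flow fits the one-server design, else a reason."""
    pair = {src, dst}
    if src in INTERNAL_NET and dst in INTERNAL_NET:
        return None if TIME_SERVER in pair else "internal NTP not via the time server"
    if pair == {TIME_SERVER, UPSTREAM}:
        return None
    if src in INTERNAL_NET:
        return "outbound NTP outside the server-to-upstream path"
    return "inbound NTP outside the upstream-to-server path"

def audit(lines):
    """List accepted UDP/123 flows that the firewall rule should not have allowed."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, action, src, sport, dst, dport = m.groups()
        if action != "ACCEPT" or "123" not in (sport, dport):
            continue  # drops are the rule working; other ports are out of scope
        reason = violation(ipaddress.ip_address(src), ipaddress.ip_address(dst))
        if reason:
            findings.append((ts, src, dst, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Any finding means the NTP rule is wider than "that one source to your one server", or that a host is configured with a time source other than the internal server.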




 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.