Re: [FW-1] NTP



Marco, in addition to Joe's suggestion, look here for the list of sites with
NTP-related products:
http://www.rtek2000.com/Tech/InternetSecureLinks.html#ntp

**********************************
Roman Zeltser,
@National Computer Center,
RSIS & DNE



-----Original Message-----
From: Joe Pampel [mailto:[email protected]]
Sent: Monday, February 04, 2002 9:18 AM
To: [email protected]
Subject: Re: [FW-1] NTP


If you're really concerned about security implications of the open port,
you can get an internal (GPS) timeserver like a Truetime box. These run off
a dish on the roof and act as a stratum one server on your LAN. They have a
fancy one with a dial backup in case the dish dies.

Meanwhile you can set your unix boxes to not respond to timestamp requests
etc.. and use a FW rule to allow NTP from that one source to your one
server.. it's a start anyhow!
..but generally I don't know of any 'big' holes in NTP. Doesn't mean there
aren't a bunch. ;-)

Your setup sounds fine. Use one server to contact the master server, and
have all of your hosts contact your server for time. I do this and it works
great.. get your firewalls, routers, etc all on the same time. A big help
when going through logs to see what's going on!
Also, to hold up in court, I've heard you have to have time stamps agreeing
to the ms or the evidence will not hold up.
Anyone know if that's true or not?

hth

Joe

>>> Newsgroups <[email protected]> 02/04/02 08:19AM >>>
Hi listers,

Do any of you know of any security issues with the NTP protocol (port 123)?
We would like to set up one internal server to serve as internal time server
(synced with the Internet), where all other servers will point to. The
reason for doing this is that we have some time oriented rules on the FW's
which have to work together.

Also tips and tricks for the best way (tools?) for setting up an NTP server
are welcome.

With kind regards,

Marco Schelling


***************************DISCLAIMER***********************************
This e-mail is intended exclusively for the addressee(s), and may
not be passed on to, or made available for use by any person
other than the addressee(s).
Fortis rules out any and every liability resulting from any
electronic transmission.
****04******************************************************************

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
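
The design discussed in this thread (one internal server syncing with one
outside source, every other host syncing only with the internal server) can
be checked against firewall logs. The script below is an added example, not
code from any poster or from FW-1; the addresses, the log line format and
the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed addresses for illustration only (private / documentation ranges).
INTERNAL_NTP = ipaddress.ip_address("10.0.0.10")    # the one internal time server
UPSTREAM_NTP = ipaddress.ip_address("192.0.2.123")  # the one permitted outside source
LAN = ipaddress.ip_network("10.0.0.0/8")

# Constructed records in a hypothetical format, logged per initiating packet:
# "timestamp src dst proto dport action"
SAMPLE_FLOWS = """\
2002-02-04T09:18:01 10.0.0.10 192.0.2.123 udp 123 accept
2002-02-04T09:18:05 10.0.3.7 10.0.0.10 udp 123 accept
2002-02-04T09:18:09 10.0.3.9 198.51.100.5 udp 123 accept
2002-02-04T09:18:12 203.0.113.44 10.0.0.10 udp 123 accept
2002-02-04T09:18:15 10.0.3.7 10.0.0.20 tcp 22 accept
2002-02-04T09:18:20 10.0.0.10 198.51.100.5 udp 123 drop
"""

def classify(src, dst):
    """Return None if an NTP flow fits the design, else a reason string."""
    if src == INTERNAL_NTP and dst == UPSTREAM_NTP:
        return None  # internal server -> approved upstream
    if src in LAN and src != INTERNAL_NTP and dst == INTERNAL_NTP:
        return None  # LAN host -> internal server
    if src == INTERNAL_NTP:
        return "time server contacted an unapproved upstream"
    if src in LAN:
        return "client bypassed the internal time server"
    return "NTP from a source other than the approved upstream"

def audit(log_text):
    """List (timestamp, src, dst, reason) for accepted UDP/123 flows that break the design."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        ts, src, dst, proto, dport, action = fields
        if (proto, dport, action) != ("udp", "123", "accept"):
            continue  # dropped flows mean the rule base already did its job
        try:
            reason = classify(ipaddress.ip_address(src), ipaddress.ip_address(dst))
        except ValueError:
            continue  # unparseable address
        if reason:
            findings.append((ts, src, dst, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Any finding points at a rule that is wider than "that one source to your
one server" or at a host still configured with an outside time source.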




 
   All contents © 2004 Network Presence, LLC. All rights reserved.