Re: [fw-wiz] Acqusition of time

From: Volker Tanger (volker.tanger@discon.de)
Date: 01/29/03


From: Volker Tanger <volker.tanger@discon.de>
To: Brian Monkman <bmonkman@comcast.net>
Date: Wed Jan 29 10:37:01 2003

Greetings!

Brian Monkman wrote:
> Are there any situations where a firewall's acquisition of time
> could/should be from a network time source? Not necessarily a public
> source, it could be an "internal" time source

Definitely. We always recommend syncing all (logging) network systems
(fw, mail, proxy, dns, dhcp, router, etc.) against the same, preferably
internal time server. Else you'll quite probably have an uncomfortable
time when trying to dissect network or connection problems as timestamps
in all the logs will differ.

Yes, the servers might be sensitive to forged (S)NTP packets then, but
an internal, bastioned and firewalled (of course) time server should
mitigate the risk considerably.

The alternative would be to equip each and every single one of those systems
with a synchronized time source (e.g. GPS or radio clock) - which is
quite a bit more expensive and complicated (e.g. server bunker is down
in 2nd cellar floor, GPS antennas on the roof above 183rd, but max.
cable length 50m - go figure).

Bye

Volker Tanger
IT-Security Consulting

-- 
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon    +49 30 6104-3307
fax    +49 30 6104-3461
volker.tanger@discon.de
http://www.discon.de/
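
An added illustration, not part of the original message, of the log-correlation problem described above: merging logs from hosts with unsynchronized clocks yields a misleading event order until each host's clock offset is removed. The host names, offsets, and log lines are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample: one connection as logged by three hosts.
# Format: "<ISO timestamp> <host> <message>".
RAW_LOGS = """\
2003-01-29T10:37:04 fw accept tcp 10.1.1.5:3312 -> 192.0.2.10:80
2003-01-29T10:36:58 proxy GET http://192.0.2.10/ from 10.1.1.5
2003-01-29T10:37:31 ids alert http-anomaly src 10.1.1.5
2003-01-29T10:37:09 fw close tcp 10.1.1.5:3312 -> 192.0.2.10:80
"""

# Assumed offsets: seconds each host's clock runs ahead of the reference
# time server (negative = behind). With all hosts synced these are ~0.
OFFSETS = {"fw": 3, "proxy": -4, "ids": 28}


def parse(raw):
    """Parse log lines into (timestamp, host, message) tuples."""
    events = []
    for line in raw.splitlines():
        stamp, host, msg = line.split(" ", 2)
        events.append((datetime.fromisoformat(stamp), host, msg))
    return events


def timeline(events, offsets=None):
    """Sort events by time, subtracting each host's clock offset if given."""
    offsets = offsets or {}
    fixed = [(t - timedelta(seconds=offsets.get(h, 0)), h, m)
             for t, h, m in events]
    return sorted(fixed)


def show(title, events):
    print(title)
    for t, host, msg in events:
        print(f"  {t.time()}  {host:<5} {msg}")


if __name__ == "__main__":
    events = parse(RAW_LOGS)
    # As logged: the proxy request seems to precede the firewall accept,
    # and the IDS alert seems to fire long after the connection closed.
    show("Merged as logged:", timeline(events))
    # Offsets removed: accept -> request -> alert -> close.
    show("Merged after offset correction:", timeline(events, OFFSETS))
```
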

