Re: [fw-wiz] Acqusition of time

From: Charles W. Swiger (chuck@codefab.com)
Date: 01/29/03


From: "Charles W. Swiger" <chuck@codefab.com>
To: firewall-wizards@honor.icsalabs.com
Date: Wed Jan 29 10:43:03 2003

On Wednesday, January 29, 2003, at 09:55 AM, Brian Monkman wrote:
[ ... ]
> Are there any situations where a firewall's acqusition of time
> could/should be from a network time source? Not necessarily a public
> source, it could be an "internal" time source.

It's a good idea to have the timestamps on logfiles consistant, so running
ntpdate or some such upon system boot is a pretty good idea. Running ntpd
against internal NTP servers is a greater risk; so if your systems keep
adequate time, don't; if your systems drift noticably, then NTP will
probably be worth the tradeoff.

-Chuck

        Chuck Swiger | chuck@codefab.com | All your packets are belong to
us.
        
-------------+-------------------+-----------------------------------
        "The human race's favorite method for being in control of the facts
         is to ignore them." -Celia Green