Re: RE: [fw-wiz] Acqusition of time

From: Joseph S D Yao (jsdy@center.osis.gov)
Date: 01/30/03


From: Joseph S D Yao <jsdy@center.osis.gov>
To: "Paul D. Robertson" <proberts@patriot.net>
Date: Thu Jan 30 15:48:55 2003

On Wed, Jan 29, 2003 at 12:29:56PM -0500, Paul D. Robertson wrote:
> On Wed, 29 Jan 2003, Brian Monkman wrote:
>
> > Ok - so something more specific this time.
> >
> > We are talking about a firewall farm. We want the time to be sync'ed
> > between all of the firewalls. Logs go to a central logging server.
> > Reason for the sync'ing, to ensure that time is accurate across all of
> > the firewalls in order to facilitate forensics and event correlation.
> >
> > In your opinion - should we have a battery backed-up clock on these
> > firewalls or is the network time source sufficient?
>
> If the criterion is that the firewalls be synchronized to some standard,
> then I suppose the real issue is what happens if a single firewall is
> rebooted and unable to reach either the time server or the logging server
> (if it's syslog, you don't even know you didn't get there?)
>
> (UDP-based syslogs were heavily affected by SQL-Slammer for instance.)
>
> Battery back-up helps for the reboot instance, and (potentially, though
> not normally) for the timeserver goes down instance. If there's defined
> behaviour for "system rebooted and couldn't reach the timeserver" and it's
> materially separable from "just after midnight," then I don't suppose
> there's much of an issue, you can put things back together by deltaing
> once you do get reliable time information.

Battery back-up clocks MUST periodically have the network-based time
written into them! Otherwise, when the system re-boots, you get the
battery back-up clock's time, whatever it might just happen to be!

Most battery hardware clocks aren't very expensive, so this seems like
a cheap and reasonable backup to syncing off the NTP source(s).

--
Joe Yao				jsdy@center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
	    PLEASE ... send or Cc: all "OSIS Systems Support"
		     mail to sys-adm@center.osis.gov
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
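The "deltaing" Paul describes, and the reason Joe insists the hardware clock be rewritten from network time, can be shown on a small constructed sample. This is an added example, not code from the thread or from any product it mentions: the log lines, hostnames, the "boot:" marker and the ntpd "time reset" wording are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in the central log server's arrival order. Timestamps are
# the sending firewall's own clock. fw2 rebooted on a stale battery clock, got no
# NTP reply, and later stepped its clock by +3600 s (assumed ntpd log wording).
SAMPLE_LOG = """\
2003-01-30T15:48:55 fw1 kernel: accept tcp 10.0.0.5:4321 -> 10.0.1.9:80
2003-01-30T14:49:02 fw2 kernel: boot: clock set from RTC, no NTP reply
2003-01-30T14:49:30 fw2 kernel: drop udp 10.0.0.5:4322 -> 10.0.1.9:1434
2003-01-30T15:49:31 fw1 kernel: drop udp 10.0.0.5:4322 -> 10.0.1.9:1434
2003-01-30T15:50:10 fw2 ntpd: time reset +3600.000000 s
2003-01-30T15:50:12 fw2 kernel: accept tcp 10.0.0.7:1100 -> 10.0.1.9:443
"""

def parse(line):
    """Split 'ISO-timestamp host rest' into (datetime, host, rest)."""
    ts, host, rest = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, rest

def find_step(lines, host):
    """Recover the step delta from the host's own 'time reset' line."""
    for ln in lines:
        _, h, rest = parse(ln)
        if h == host and rest.startswith("ntpd: time reset"):
            return timedelta(seconds=float(rest.split()[3]))
    return None  # host never regained reliable time: nothing to correct

def correct(lines, host):
    """Shift the host's lines logged between its boot marker and its NTP step
    by the step delta, so they line up with the other firewalls' logs."""
    delta = find_step(lines, host)
    if delta is None:
        return list(lines)
    out, in_window = [], False
    for ln in lines:
        ts, h, rest = parse(ln)
        if h == host and "boot:" in rest:
            in_window = True           # running on the battery clock from here
        if h == host and rest.startswith("ntpd: time reset"):
            in_window = False          # ntpd logs the reset after stepping
        if h == host and in_window:
            ts += delta
        out.append(f"{ts.isoformat()} {h} {rest}")
    return out
```

After correction, fw2's drop of the same 1434/udp probe lands one second before fw1's instead of an hour earlier; the shift is only as good as the arrival order and assumes the battery clock did not drift noticeably during the window.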
