Re: "Hello Network, can i have the time?"

From: Stephen O'Sullivan (steve_at_nospam_noway_dontyoudare.net)
Date: 01/05/04 

Date: Mon, 5 Jan 2004 08:37:34 -0000

I'd like to have the service protected by a firewall. If its on my
peripheral router..... then that would not be the case.

Steve.

"Mark" <liedtkem.nospam@yahoo.nospam.com> wrote in message
news:edPcTBY0DHA.2948@TK2MSFTNGP09.phx.gbl...
> If you are not syncing the AD domain, you probably should. Here is a good
> list of public time servers.
> http://www.eecis.udel.edu/~mills/ntp/servers.html I know that cisco
routers
> can act as a time source, but Im not sure about a PIX. If so, you could
> sync the pix with an external source and sync the domain and the DMZ from
> the pix. Just a thought.
>
> Mark
> "Nobody" <nobody> wrote in message
> news:u%23r89aN0DHA.2528@TK2MSFTNGP09.phx.gbl...
> >
> > "Stephen O'Sullivan" <steve@nospam_noway_dontyoudare.net> wrote in
message
> > news:O$6YY05zDHA.536@tk2msftngp13.phx.gbl...
> > > I've thought about how i would do this. My Active Directory
controllers
> > are
> > > setting the times on my internal servers and workstations. If i want
to
> > > allow my web servers get the time from my AD controllers i will have
to
> > > place access-lists on my firewall to allow tcp traffic to pass through
> > port
> > > 123 from my web server to my ad controller - i don't like the sound of
> > that.
> > > Its got security breach written all over it. Then i've got to figure
out
> > > where do my AD controllers get their time. All these problems.
> > >
> >
> > Stephen,
> >
> > The following option comes to mind
> >
> > Allow the Domain controllers to sync with an Internet time source such
as
> > NIST and instead of the DMZ systems syncing to internal systems allow
the
> > them (DMZ systems) to sync with the same Internet time source.
> >
> > AFAIK, you only need to allow outgoing NTP on each system.
> >
> >
>
>

Relevant Pages

  • Re: "Hello Network, can i have the time?"
    ... > can act as a time source, but Im not sure about a PIX. ... > sync the pix with an external source and sync the domain and the DMZ from ... >> Allow the Domain controllers to sync with an Internet time source such ...
    (microsoft.public.security)
  • Re: help with windows time service
    ... Make sure no firewall is blocking port 123 UDP which the time service needs. ... In a domain the PDCEmulator is the time source, best is to sync that one with an external time server. ...
    (microsoft.public.windows.server.general)
  • Re: Time sync problem
    ... All domain members and domain controlers sync by default on the DC that is pdc emulator. ... All you have to do is to get your server to sync outside, ... in the domain hierarchy to use as a time source. ...
    (microsoft.public.windows.server.active_directory)
  • Re: NTP Server Question
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... How do i setup the PDCEmulator to sync up with a differnet time ... Time server ioption in DHCP scope options is possible, 004 Time server, either with ip or server name ... In a domain you have the PDCEmulator which is the Time source in the ...
    (microsoft.public.windows.server.general)
  • Re: time synchronization across domain
    ... All the other machines should be ... >moved it or the PDC Emulator. ... > Other DCs from each domain sync from their own PDC ... >time source but you must NOT let the time get too far out ...
    (microsoft.public.win2000.active_directory)
Loading