Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: Feeping Creaturism in routers (was Re: Response to Satan)
From: Tom Fitzgerald <fitz @ wang . com>
Date: Mon, 3 Apr 1995 00:05:41 -0400
To: firewalls @ greatcircle . com

> One of the advantages
> that routers have over UNIX hosts is that they don't come with so many
> capabilities, each of which have to be considered for security implications
> and protected or turned off as necessary.

Synchronizing a firewalled net with the Internet requires running NTP
*somewhere*, whether it's on the routers themselves (assuming a screened-
network configuration) or on a Unix bastion.  So the question isn't whether
adding NTP to the router makes it less secure, the question is whether a
router with NTP is less secure than a Unix box with NTP.  And it's a
question that I'm not going to try to answer, no way.

There are some other issues....

A router isn't such a simple thing that NTP is a big increase in
complexity.  It's already likely to be running multiple routing processes
redistributing routes between themselves and into the routing table, it may
have an SNMP server, telnet server, finger server, telnet client, tftp
client, and probably lots more stuff that I can't think of.  Due to this,
it's already got a scheduler, memory manager and maybe even a protected
memory system, which will certainly help a lot in keeping NTP bugs from
opening holes in code unrelated to NTP.  If the router software is
architected right, then something like NTP should be no big deal.

On the other hand, it's easier to trust a Unix box built from sources,
running NTP built from source.  Do we *know* that some router's software is
architected to keep processes out of each other's data?

Now I'm going to kill off my previous points...  while Ciscos can run NTP,
there's no reason for them to.  I don't agree with the point that routers
should do NTP because they're on every subnet anyway; you're much better
off having a single Unix server using directed broadcasts to flood the time
onto all the subnets where it's useful.  Then, all you need are routers
that can forward directed broadcasts, and one central host.  There's no need
to have to modify all your router configurations just because you want to
change the NTP topology.

-- 
Tom Fitzgerald    1-508-967-5278    Wang Labs, Lowell MA, USA    fitz @ wang . com

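The topology Tom argues for above (one central time server using directed broadcasts, routers that merely forward those broadcasts, nothing NTP-specific configured on the routers) can be sketched in a few lines. The following is an added example, not code from the post or from any router vendor: it derives the directed-broadcast address of each subnet, renders the matching ntpd `broadcast` stanzas for the central server, models the router-side decision as a whitelist that forwards only UDP/123 datagrams to those exact addresses, and checks on the receiving side that an arriving packet is actually an NTP broadcast (mode 5). The subnets are constructed sample values; every function name is hypothetical.

```python
import ipaddress
import struct

# Constructed sample subnets (not from the post): the LANs that the single
# central time server should reach with directed broadcasts.
SUBNETS = ["192.0.2.0/24", "198.51.100.0/25", "203.0.113.128/26"]

NTP_PORT = 123
NTP_MODE_BROADCAST = 5  # value of the 3-bit mode field for a broadcast packet
NTP_PACKET_LEN = 48     # fixed header length of an NTP packet


def directed_broadcasts(subnets):
    """Map each IPv4 subnet to its directed-broadcast address (host bits all ones)."""
    result = {}
    for cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)
        result[str(net)] = str(net.broadcast_address)
    return result


def ntp_conf_lines(subnets):
    """Render the ntp.conf 'broadcast <address>' stanzas for the central server.

    Changing the NTP topology then means editing this one file, not every router.
    """
    return [f"broadcast {bcast}" for bcast in directed_broadcasts(subnets).values()]


def router_should_forward(dst_ip, dst_port, subnets):
    """Router-side policy (hypothetical): forward a directed broadcast only if it
    is addressed to UDP/123 on one of the subnets the time server is meant to
    reach. Any other directed-broadcast destination is dropped."""
    allowed = set(directed_broadcasts(subnets).values())
    return dst_port == NTP_PORT and dst_ip in allowed


def build_ntp_broadcast(version=3):
    """Construct a minimal 48-byte NTP packet with LI=0 and mode=5 (broadcast).

    Only the first byte (LI | VN | mode) is meaningful here; the remaining
    timestamp fields are left zero because this is a constructed sample.
    """
    first_byte = (0 << 6) | (version << 3) | NTP_MODE_BROADCAST
    return struct.pack("!B", first_byte) + bytes(NTP_PACKET_LEN - 1)


def ntp_mode(packet):
    """Extract the 3-bit mode field from an NTP packet's first byte."""
    if len(packet) < NTP_PACKET_LEN:
        raise ValueError("short NTP packet")
    return packet[0] & 0x07


def client_accepts(packet, dst_ip, local_subnet):
    """Receiver-side check (hypothetical): accept only mode-5 packets that
    arrived on this subnet's own directed-broadcast address."""
    expected = directed_broadcasts([local_subnet])[str(ipaddress.ip_network(local_subnet))]
    return dst_ip == expected and ntp_mode(packet) == NTP_MODE_BROADCAST


if __name__ == "__main__":
    for line in ntp_conf_lines(SUBNETS):
        print(line)
    pkt = build_ntp_broadcast()
    print("forward 192.0.2.255:123 ->", router_should_forward("192.0.2.255", 123, SUBNETS))
    print("client accepts ->", client_accepts(pkt, "192.0.2.255", "192.0.2.0/24"))
```

Note the design choice in `router_should_forward`: rather than enabling directed-broadcast forwarding wholesale, the router forwards only the specific NTP broadcasts the central server is configured to send, which keeps the router change small and the policy easy to audit.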
