On Nov 14, 1:16pm, jwilde @ westmail . com wrote:
> Subject: NTP through a firewall
> I was wondering if there would be any security concerns about using my firewall
> as an NTP Server for the rest of our network. I was thinking of opening a UDP
> port for NTP and (network time protocol) allowing only my time provider to talk
> to the firewall via NTP through a generalized proxy. My question is this,
> would this open a security hole? Wouldn't the NTP Server (our firewall) go out
> and get the time when it is specified? Any comments would be appreciated.

having just done this, a couple of thoughts:

1) run 3 xntpd processes: one on an app proxy, that actually talks to the
outside server, and one on the screen that uses the app proxy as its server.
2) run an xntpd on an internal machine that is peer with the xntp on the
screen.

inside, talk to the internal xntp server. that way, you don't have to open
up a hole, and the time is relatively synched (hey, within a couple ms of
each other...ok?)

or, diagrammatically:

inside xntpd <------> screen xntpd --------> app xntpd --------> internet
     ^      \__peer__/
     |
inside talks here

just my $.02.
feel free to flame to /dev/null
--
Bryan D. Boyle        | EMAIL: bdboyle @ erenj . com
908-730-3338          | PAGE: bboyle @ apt1 . pagemart . com
#include <disclaimer> | http://www.access.digex.net/~bdboyle/index.html
"It seems that 'national security' is the root password to the Constitution.
As with any dishonest superuser, the best countermeasure is strong encryption."
-Phil Karn
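
The chain described in the reply above, sketched as xntpd configuration for the three hosts. This is an added example, not part of the original post: every address is a constructed placeholder, and the `restrict` lines are an assumed hardening step the post does not mention.

```conf
# Placeholder addresses (constructed for this example):
#   192.0.2.10   outside time provider
#   10.0.1.2     app proxy
#   10.0.1.1     screen, interface facing the app proxy
#   10.0.0.1     screen, interface facing the inside network
#   10.0.0.5     inside xntpd host
#   10.0.0.0/24  inside network

# ---- ntp.conf on the app proxy: the only host that talks to the provider ----
server 192.0.2.10
# Ignore NTP from any source not listed below.
restrict default ignore
restrict 127.0.0.1
# Provider and screen may exchange time packets, but not query or reconfigure.
restrict 192.0.2.10 nomodify noquery notrap
restrict 10.0.1.1 nomodify noquery notrap

# ---- ntp.conf on the screen: client of the app proxy, peer of the inside host ----
server 10.0.1.2
peer 10.0.0.5
restrict default ignore
restrict 127.0.0.1
restrict 10.0.1.2 nomodify noquery notrap
restrict 10.0.0.5 nomodify noquery notrap

# ---- ntp.conf on the inside host: peer of the screen, server for inside clients ----
peer 10.0.0.1
restrict default ignore
restrict 127.0.0.1
restrict 10.0.0.1 nomodify noquery notrap
# Inside clients get time service only; they cannot become peers.
restrict 10.0.0.0 mask 255.255.255.0 nomodify noquery notrap nopeer
```

With this layout no inside host ever exchanges NTP packets with the internet; only the app proxy holds an association with the provider.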