Security Basics mailing list archives
Re: NTP recommedations
From: Ned Fleming <ned () kaw us>
Date: Thu, 13 Mar 2003 09:13:45 -0600
On Tue, 11 Mar 2003 20:32:02 -0500, "Jennifer Fountain" <JFountain () rbinc com> wrote:
> I am currently looking into configuring my company's time servers.
A couple of things:

You can probably skip making ntp servers out of your DMZ-based machines. Set up your ntp servers on your corporate LAN and allow them, and only them, to contact external ntp sources (port 123, I believe). Your internal ntp servers should get their data from dispersed sources. (We use those in Boulder, Houston, and Washington.)

Give your internal ntp servers alias DNS names. For example, say you're running a Linux box called webserver.rbinc.com, which is running apache. You put ntp on this box to make it an ntp server. Give it the DNS name of clock.rbinc.com, and make sure people use this name to access the service. Call the other ones tick.rbinc.com and tock.rbinc.com. That way you can move the service around to different boxes as you need to.
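An added example, not part of the original post: a Python check that audits flow records for the egress policy described above, where only the designated internal NTP servers may reach external time sources on UDP port 123. The record format, the server addresses standing in for clock/tick/tock, and the internal ranges are all constructed assumptions.

```python
import ipaddress

# Assumed addresses of the internal NTP servers (clock/tick/tock); constructed.
NTP_SERVERS = {"10.1.1.10", "10.1.1.11", "10.1.1.12"}
# Assumed internal address space; constructed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed flow records, one per line: "proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
udp 10.1.1.10 123 192.0.2.50 123
udp 10.1.1.11 40112 198.51.100.7 123
udp 10.2.3.44 123 203.0.113.9 123
tcp 10.2.3.45 51000 203.0.113.9 123
udp 10.2.3.46 123 10.1.1.10 123
udp 192.168.5.20 50123 192.0.2.50 123
garbage line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def ntp_policy_violations(flow_text, allowed=NTP_SERVERS):
    """Return internal hosts, other than the approved servers, that sent
    NTP (UDP/123) to an external address."""
    allowed_addrs = {ipaddress.ip_address(a) for a in allowed}
    offenders = set()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        proto, src, _sport, dst, dport = fields
        if proto.lower() != "udp" or dport != "123":
            continue  # NTP is UDP with destination port 123
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Internal clients syncing to clock/tick/tock are fine; only
        # internal-to-external NTP from an unapproved host is flagged.
        if is_internal(src_ip) and not is_internal(dst_ip) and src_ip not in allowed_addrs:
            offenders.add(src_ip)
    return [str(ip) for ip in sorted(offenders)]

if __name__ == "__main__":
    for ip in ntp_policy_violations(SAMPLE_FLOWS):
        print("unapproved external NTP client:", ip)
```

Hosts it reports are candidates for repointing at the internal alias names, and a sign that the firewall rule is broader than intended.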