Firewall Wizards mailing list archives
Re: Acqusition of time
From: Volker Tanger <volker.tanger () discon de>
Date: Wed, 29 Jan 2003 16:58:36 +0100
Greetings! Brian Monkman wrote:
Are there any situations where a firewall's acqusition of time could/should be from a network time source? Not necessarily a public source, it could be an "internal" time source
Definitely. We always recommend to sync all (logging) network systems (fw, mail, proxy, dns, dhcp, router, etc.) against the same, preferrably internal time server. Else you'll quite probably have an uncomfortable time when trying to dissect network or connection problems as timestamps in all the logs will differ.
Yes, the servers might be sensitive to forged (S)NTP packets then, but an internal, bastioned and firewalled (of course) time server should mitigate the risk considerably.
Alternative would be to equip each and every single one of those systems with a synchronized time source (e.g. GPS or radio clock) - which is quite a bit more expensive and complicated (e.g. server bunker is down in 2nd cellar floor, GPS antennaes on the roof above 183rd, but max. cable length 50m - go figure).
Bye Volker Tanger IT-Security Consulting -- discon gmbh WrangelstraĆe 100 D-10997 Berlin fon +49 30 6104-3307 fax +49 30 6104-3461 volker.tanger () discon de http://www.discon.de/ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Acqusition of time Brian Monkman (Jan 29)
- Re: Acqusition of time R. DuFresne (Jan 29)
- Re: Acqusition of time Paul D. Robertson (Jan 29)
- Re: Acqusition of time Volker Tanger (Jan 29)
- Re: Acqusition of time Charles W. Swiger (Jan 29)
- Re: Acqusition of time Luis Bruno (Jan 29)
- Re: Acqusition of time Charles W. Swiger (Jan 29)
- Re: Acqusition of time Luis Bruno (Jan 29)
- <Possible follow-ups>
- RE: Acqusition of time Noonan, Wesley (Jan 29)
- RE: Acqusition of time dave (Jan 29)
- RE: Acqusition of time Paul D. Robertson (Jan 29)
- RE: Acqusition of time dave (Jan 29)
- RE: Acqusition of time Paul D. Robertson (Jan 29)
- RE: Acqusition of time dave (Jan 29)
- RE: Acqusition of time dave (Jan 29)
- RE: Acqusition of time Tina Bird (Jan 29)