Firewall Wizards mailing list archives
Re: RE: Acquisition of time
From: Joseph S D Yao <jsdy () center osis gov>
Date: Thu, 30 Jan 2003 15:36:18 -0500
On Wed, Jan 29, 2003 at 12:29:56PM -0500, Paul D. Robertson wrote:
> On Wed, 29 Jan 2003, Brian Monkman wrote:
> > Ok - so something more specific this time. We are talking about a firewall farm. We want the time to be sync'ed between all of the firewalls. Logs go to a central logging server. Reason for the sync'ing, to ensure that time is accurate across all of the firewalls in order to facilitate forensics and event correlation. In your opinion - should we have a battery backed-up clock on these firewalls or is the network time source sufficient?
>
> If the criterion is that the firewalls be synchronized to some standard, then I suppose the real issue is what happens if a single firewall is rebooted and unable to reach either the time server or the logging server (if it's syslog, you don't even know you didn't get there?) (UDP-based syslogs were heavily affected by SQL-Slammer for instance.) Battery back-up helps for the reboot instance, and (potentially, though not normally) for the timeserver goes down instance. If there's defined behaviour for "system rebooted and couldn't reach the timeserver" and it's materially separable from "just after midnight," then I don't suppose there's much of an issue, you can put things back together by deltaing once you do get reliable time information.
Battery back-up clocks MUST periodically have the network-based time written into them! Otherwise, when the system re-boots, you get the battery back-up clock's time, whatever it might just happen to be! Most battery hardware clocks aren't very expensive, so this seems like a cheap and reasonable backup to syncing off the NTP source(s).

--
Joe Yao    jsdy () center osis gov - Joseph S. D. Yao
OSIS Center Systems Support    EMT-B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "OSIS Systems Support" mail to sys-adm () center osis gov
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
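
The "deltaing" mentioned in the quoted reply, as an added example that is not part of the original thread: entries a firewall logged between a reboot and its first clock step are re-stamped with the step offset, and entries that never got a step are flagged. The log layout, the `BOOT` and `STEP` markers and the sample lines are assumptions constructed for illustration, and clock drift between boot and step is ignored.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: fw3 reboots without a valid hardware clock, logs from the
# epoch, then steps its clock once it reaches a time server. The STEP line is
# assumed to be stamped with the already-corrected time.
SAMPLE = """\
2003-01-29T23:58:10 fw3 filter: DROP udp 192.0.2.7:1028 -> 198.51.100.9:1434
1970-01-01T00:00:05 fw3 kernel: BOOT
1970-01-01T00:00:42 fw3 filter: DROP udp 192.0.2.7:1029 -> 198.51.100.9:1434
1970-01-01T00:03:10 fw3 filter: DROP udp 192.0.2.8:1030 -> 198.51.100.9:1434
2003-01-30T00:05:20 fw3 timesync: STEP +1043884920
2003-01-30T00:05:31 fw3 filter: DROP udp 192.0.2.9:1031 -> 198.51.100.9:1434
1970-01-01T00:00:04 fw3 kernel: BOOT
1970-01-01T00:00:09 fw3 filter: DROP udp 192.0.2.7:1032 -> 198.51.100.9:1434
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+): (.*)$")  # timestamp host tag: message


def correct_timestamps(text):
    """Return (corrected_time_or_None, host, message) per line, in log order.

    None means the entry was logged after a reboot and no later clock step
    exists to correct it, so its timestamp cannot be trusted for correlation.
    """
    out, pending, trusted = [], [], True
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, tag, msg = m.groups()
        entry = (datetime.fromisoformat(stamp), host, f"{tag}: {msg}")
        if tag == "kernel" and msg == "BOOT":
            # A second reboot before any sync: earlier pending entries stay unresolved.
            out.extend((None, h, s) for _, h, s in pending)
            pending, trusted = [], False
        elif tag == "timesync" and msg.startswith("STEP "):
            # Apply the logged step (in seconds) to everything since the reboot.
            delta = timedelta(seconds=int(msg.split()[1]))
            out.extend((t + delta, h, s) for t, h, s in pending)
            pending, trusted = [], True
        (out if trusted else pending).append(entry)
    out.extend((None, h, s) for _, h, s in pending)
    return out


if __name__ == "__main__":
    for when, host, message in correct_timestamps(SAMPLE):
        print(when.isoformat() if when else "UNRELIABLE", host, message)
```
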