nanog mailing list archives
Re: Need trusted NTP Sources
From: Nick Hilliard <nick () foobar org>
Date: Thu, 06 Feb 2014 12:09:24 +0000
On 06/02/2014 11:46, Notify Me wrote:
> We're a redhat shop, and we use redhat auth which by default uses redhat NTP sources. Sounds odd to me too. They claim this is what PCI DSS demands.
PCI DSS states:
10.4.3 Time settings are received from industry-accepted time sources.
The default RHEL time servers are defined as X.rhel.ntp.org. Many people would consider ntp.org as industry-accepted, and there are several PCI-DSS auditing companies out there who explicitly recommend using pool.ntp.org for this purpose. If that's not good enough, the PCI DSS standards explicitly state in the NTP interpretation section:
More information on NTP can be found at www.ntp.org, including information about time, time standards, and servers.
So, if PCI themselves view ntp.org as being authoritative about NTP I can't see any reason why the time servers they publish wouldn't pass an audit.

Nick