nanog mailing list archives
Re: Need trusted NTP Sources
From: Michael DeMan <nanog () deman com>
Date: Thu, 6 Feb 2014 07:24:17 -0800
Hi Alexander, I think you or your consultant may have an overly strict reading of the PCI documents. Looking at section 10.4 of PCI DSS 3.0, and from having gone through PCI a few times... If you have your PCI hosts directly going against ntp.org or similar, then you are not in compliance. My understanding is that you need to: A) Run a local set of NTP servers - these are your 'trusted' servers, under your control, properly managed/secured, fully meshed, etc. These in turn (section 10.4.3) can get their time from 'industry-accepted time sources'. B) The rest of your PCI infrastructure in turn uses these NTP servers and only these NTP servers. - Michael DeMan On Feb 6, 2014, at 2:27 AM, Alexander Maassen <outsider () scarynet org> wrote:
www.pool.ntp.org -------- Oorspronkelijk bericht -------- Van: Notify Me <notify.sina () gmail com> Datum: Aan: "nanog () nanog org list" <nanog () nanog org>,afnog () afnog org Onderwerp: Need trusted NTP Sources Hi ! I'm trying to help a company I work for to pass an audit, and we've been told we need trusted NTP sources (RedHat doesn't cut it). Being located in Nigeria, Africa, I'm not very knowledgeable about trusted sources therein. Please can anyone help with sources that wouldn't mind letting us sync from them? Thanks a lot!
Current thread:
- Re: Need trusted NTP Sources, (continued)
- Re: Need trusted NTP Sources Saku Ytti (Feb 09)
- Re: Need trusted NTP Sources Lyle Giese (Feb 09)
- Re: Need trusted NTP Sources Jimmy Hess (Feb 09)
- Re: Need trusted NTP Sources Brett Frankenberger (Feb 09)
- Message not available
- Message not available
- Message not available
- Re: Need trusted NTP Sources Larry Sheldon (Feb 06)
- Message not available
- Message not available
- Re: Need trusted NTP Sources Larry Sheldon (Feb 06)
- Re: Need trusted NTP Sources Jay Ashworth (Feb 06)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Need trusted NTP Sources Larry Sheldon (Feb 06)
- Re: Need trusted NTP Sources Michael DeMan (Feb 06)
- Re: Need trusted NTP Sources Saku Ytti (Feb 06)
- RE: Need trusted NTP Sources Frank Bulk (Feb 06)
- Re: Need trusted NTP Sources Aled Morris (Feb 06)
- Re: Need trusted NTP Sources Notify Me (Feb 06)
- Re: Need trusted NTP Sources jamie rishaw (Feb 06)
- Re: Need trusted NTP Sources Jimmy Hess (Feb 06)
- RE: Need trusted NTP Sources Tony Hain (Feb 06)