Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NTP recommedations

From: "Tace " <tace () lycos com>
Date: Thu, 13 Mar 2003 08:55:47 +0800
Hi,
  Since you will be using machines in the DMZ to query over internet,
perhaps you might want to consider using the 3 servers you mentioned to act as a proxy for querying the time servers. 
The proxy will only accept connections from internal time servers and forwards them out.
  Just a suggestion,tho

Tace

On Tue, 11 Mar 2003 20:32:02  
 Jennifer Fountain wrote:

I am currently looking into configuring my company's time servers.  My initial thoughts were setting up two or three 
in the dmz and configuring them to update their time on a regular basis (haven't defined regular yet) and then install 
two or three interal time servers that query these servers.  I currently have a web server, reverse proxy, ftp (blush 
embarrassed - going to be getting rid of THIS real soon), email, ids, and two dns servers in the dmz.  Someone has 
recommended to configure three of these servers (web, dns, and email) as a time server.  At first, I say - huh - no.  
That would mean opening up two ports on each box and having a new set of potential problems if i miss anying.  But I 
am not an expert so I head to google searches and you for guidance.  Could anyone tell me their configuration or 
recommend a "good" configuration for company time servers?  

Thank you
Jenn

P.S  If anyone is at SANS 2003, ping me if you are in track 3 :)




_____________________________________________________________
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
Previous By Date Next
Previous By Thread Next

Current thread: