Security Basics mailing list archives
Re: NTP recommedations
From: Bear Giles <bgiles () coyotesong com>
Date: Tue, 25 Mar 2003 14:56:23 -0700
Jennifer Fountain wrote:
Could anyone tell me their configuration or recommend a
> "good" configuration for company time servers? A couple points that haven't been mentioned:1) learn the "restrict" line in the configuration file. Your main time servers can be locked down tightly.
2) learn the standard authentication tools. These aren't strong, but are enough to prevent casual access by curious employees or hostile attackers.
3) consider using the public key authentication scheme as well. It's not well documented, or probably even compiled in most releases, but you can run "ntp-genkeys" on your servers to generate public keys, then add
"autokey publickey ntpkey_hostname"to your "server" and "peer" lines to turn it on. (You also need to provide some standard "crypto" lines above, or just put the files in the expected places.)
------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1
Current thread:
- NTP recommedations Jennifer Fountain (Mar 12)
- RE: NTP recommedations Burton M. Strauss III (Mar 13)
- Re: NTP recommedations Ned Fleming (Mar 13)
- Re: NTP recommedations Darren Van Booven (Mar 18)
- Re: NTP recommedations Bear Giles (Mar 26)
- <Possible follow-ups>
- Re: NTP recommedations Tace (Mar 13)
- RE: NTP recommedations Dan Fiorito (Mar 13)