Security Basics mailing list archives

Re: NTP recommedations

From: Bear Giles <bgiles () coyotesong com>
Date: Tue, 25 Mar 2003 14:56:23 -0700

Jennifer Fountain wrote:

Could anyone tell me their configuration or recommend a

> "good" configuration for company time servers?

A couple points that haven't been mentioned:

1) learn the "restrict" line in the configuration file. Your maintime servers can be locked down tightly.

2) learn the standard authentication tools. These aren't strong,but are enough to prevent casual access by curious employees orhostile attackers.

3) consider using the public key authentication scheme as well.It's not well documented, or probably even compiled in mostreleases, but you can run "ntp-genkeys" on your servers togenerate public keys, then add


  "autokey publickey ntpkey_hostname"

to your "server" and "peer" lines to turn it on. (You also needto provide some standard "crypto" lines above, or just put thefiles in the expected places.)



-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1

Current thread:

NTP recommedations Jennifer Fountain (Mar 12)
- RE: NTP recommedations Burton M. Strauss III (Mar 13)
- Re: NTP recommedations Ned Fleming (Mar 13)
- Re: NTP recommedations Darren Van Booven (Mar 18)
- Re: NTP recommedations Bear Giles (Mar 26)
- <Possible follow-ups>
- Re: NTP recommedations Tace (Mar 13)
- RE: NTP recommedations Dan Fiorito (Mar 13)