Educause Security Discussion mailing list archives

Re: NTP servers and sources

From: Gary Dobbins <dobbins () ND EDU>
Date: Tue, 30 Sep 2008 13:29:29 -0400

If you can't just sit a strata down from one of the NIST servers, WWVB
Radio receivers are relatively cheap and can feed accurate time over
RS-232 to a host in your net.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn
Sent: Tuesday, September 30, 2008 1:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] NTP servers and sources

John Kristoff wrote:

On Mon, 29 Sep 2008 17:32:31 -0400
Gary Flynn <flynngn () JMU EDU> wrote:

Is there any consensus about best practices for university
time sources?


Perhaps this would be helpful?

  <https://puck.nether.net/pipermail/ednog/2005-June/000048.html>



What I was really wondering about was whether there was any
consensus or commonalities in high level design decisions
and current practices.

Our network and systems folks are telling me our routers
are not reliable time servers and I'm looking at alternatives.
Given the price of reference clocks and pizza box servers
these days, it seems like it would be *relatively* simple and
cheap to implement our own time sources and stratum 1 servers.

So I was wondering about things like:

- How common are internal reference clocks and stratum 1 servers
   at universities? Should they be encouraged?

- How many people are using their routers as the primary NTP
   distribution source?

- What practices are in place regarding the minimum number
   of peering with internal and external sources and MD5
   security?

- What method of client distribution is most often used
   ( e.g. broadcast, multicast, unicast )

- What is being used to configure clients ( e.g. DHCP, group
   policy )

- If and how you allow outside access to your NTP servers






--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description:

Current thread:

NTP servers and sources Gary Flynn (Sep 29)
- <Possible follow-ups>
- Re: NTP servers and sources John Kristoff (Sep 30)
- Re: NTP servers and sources Derek Ethier (Sep 30)
- Re: NTP servers and sources Michael Costello (Sep 30)
- Re: NTP servers and sources Gene Spafford (Sep 30)
- Re: NTP servers and sources Gary Flynn (Sep 30)
- Re: NTP servers and sources Gary Dobbins (Sep 30)
- Re: NTP servers and sources Michael Sinatra (Sep 30)