Firewall Wizards mailing list archives

Re: Acquisition of time


From: Volker Tanger <volker.tanger () discon de>
Date: Wed, 29 Jan 2003 16:58:36 +0100

Greetings!

Brian Monkman wrote:
Are there any situations where a firewall's acquisition of time could/should be from a network time source? Not necessarily a public source, it could be an "internal" time source.

Definitely. We always recommend syncing all (logging) network systems (fw, mail, proxy, dns, dhcp, router, etc.) against the same, preferably internal time server. Else you'll quite probably have an uncomfortable time when trying to dissect network or connection problems, as the timestamps in all the logs will differ.

Yes, the servers might be sensitive to forged (S)NTP packets then, but an internal, bastioned and firewalled (of course) time server should mitigate the risk considerably.

The alternative would be to equip each and every single one of those systems with a synchronized time source (e.g. GPS or radio clock) - which is quite a bit more expensive and complicated (e.g. server bunker is down on the 2nd cellar floor, GPS antennas on the roof above the 183rd, but max. cable length 50m - go figure).

Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461

volker.tanger () discon de
http://www.discon.de/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
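The advice above is to sync every logging system against one internal time server. As an added example that is not part of this thread, here is a small Python check that parses `ntpq -p` output and confirms a host is actually using the expected internal server with a sane offset; the sample output is constructed and the internal server address 10.1.0.5 is an assumption.

```python
"""Verify that a host is synced to the designated internal NTP server.

Parses the peer table printed by `ntpq -p` and checks that a system peer
is selected ('*'), that it is the expected internal server, that the
server has answered the last eight polls (reach 377), and that the
offset is within a tolerance. Useful as a fleet-wide audit before
relying on cross-device log timestamps.
"""
from dataclasses import dataclass

# Constructed sample of `ntpq -p` output; 10.1.0.5 is the assumed internal server.
SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.1.0.5        .GPS.            1 u   34   64  377    0.412   -0.087   0.021
+10.1.0.6        10.1.0.5         2 u   51   64  377    0.530    0.143   0.034
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""


@dataclass
class Peer:
    tally: str        # '*' = system peer, '+' = candidate, ' ' = unused/unreachable
    remote: str
    stratum: int
    reach: int        # 8-bit shift register, printed in octal; 0o377 = last 8 polls OK
    offset_ms: float  # ntpq reports offset in milliseconds


def parse_ntpq(text: str) -> list[Peer]:
    """Turn the `ntpq -p` table into Peer records (header and separator rows skipped)."""
    peers = []
    for line in text.splitlines()[2:]:
        if not line.strip():
            continue
        tally, fields = line[0], line[1:].split()
        remote, _refid, st, _t, _when, _poll, reach, _delay, offset, _jitter = fields
        peers.append(Peer(tally, remote, int(st), int(reach, 8), float(offset)))
    return peers


def check_sync(text: str, expected_server: str, max_offset_ms: float = 100.0) -> list[str]:
    """Return a list of findings; an empty list means the host looks correctly synced."""
    findings = []
    system_peer = next((p for p in parse_ntpq(text) if p.tally == "*"), None)
    if system_peer is None:
        return ["no system peer selected: clock is free-running"]
    if system_peer.remote != expected_server:
        findings.append(f"synced to {system_peer.remote}, not the internal server {expected_server}")
    if system_peer.reach != 0o377:
        findings.append(f"reach {system_peer.reach:o} != 377: server not consistently answering")
    if abs(system_peer.offset_ms) > max_offset_ms:
        findings.append(f"offset {system_peer.offset_ms} ms exceeds {max_offset_ms} ms")
    return findings
```

Run `check_sync(open(path).read(), "10.1.0.5")` over captured `ntpq -p` output from each logging host; any host that reports a finding is one whose timestamps should not be trusted when correlating logs.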
