Re: Need trusted NTP Sources

[jamie rishaw <j () arpa com>]

PCI DSS only requires that all clocks be synchronized; It doesn't
/require/ "how".

If you have servers getting time from external sources (authenticated
always a plus) and peering with each other internally, then you comply
with PCI DSS 2.0 (3.0 has no changes to this that I'm aware of).

OTOH, I'm surprised nobody has mentioned
http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html

-j

On Thu, Feb 6, 2014 at 6:53 AM, Notify Me <notify.sina () gmail com> wrote:
> Raspberries! Not common currency here either, but let's see!
> grateful for all the input and responses, this list is amazing as usual.
>
> On Thu, Feb 6, 2014 at 1:41 PM, Aled Morris <aledm () qix co uk> wrote:
> > On 6 February 2014 12:30, Martin Hotze <m.hotze () hotze com> wrote:
> >
> > > > I'm trying to help a company I work for to pass an audit, and we've
> > > > been told we need trusted NTP sources (RedHat doesn't cut it). Being
> > > > located in Nigeria, Africa,
> >  [...]
> >
> > > So build your own stratum 1 server (maybe a second one with DCF77 or
> > > whatever you can use for redundancy),
> >
> > I don't think DCF77 is going to reach Nigeria.
> >
> > Aled



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"Reality defeats prejudice." - Rep. Barney Frank