Security Basics mailing list archives
RE: NTP recommendations
From: Dean Scott <ScottD () FamilyMeds com>
Date: Thu, 13 Mar 2003 16:21:16 -0500
I use a computer on the DMZ linked to a stratum 2 source on the internet. We use tcp so that the out going request establishes a session on the firewall. This is the only function on this computer and it broadcasts within the DMZ, only this IP is let through the open port on the firewall and then only to another NTP server inside the corporate network. -----Original Message----- From: Jennifer Fountain [mailto:JFountain () rbinc com] Sent: Tuesday, March 11, 2003 8:32 PM To: security-basics () securityfocus com Subject: NTP recommedations I am currently looking into configuring my company's time servers. My initial thoughts were setting up two or three in the dmz and configuring them to update their time on a regular basis (haven't defined regular yet) and then install two or three interal time servers that query these servers. I currently have a web server, reverse proxy, ftp (blush embarrassed - going to be getting rid of THIS real soon), email, ids, and two dns servers in the dmz. Someone has recommended to configure three of these servers (web, dns, and email) as a time server. At first, I say - huh - no. That would mean opening up two ports on each box and having a new set of potential problems if i miss anying. But I am not an expert so I head to google searches and you for guidance. Could anyone tell me their configuration or recommend a "good" configuration for company time servers? Thank you Jenn P.S If anyone is at SANS 2003, ping me if you are in track 3 :)
Current thread:
- RE: NTP recommendations Dean Scott (Mar 17)
- <Possible follow-ups>
- RE: NTP recommendations Zill, Greg (Mar 18)