[EMAIL PROTECTED] wrote:
>
> I want to synchronise the time on my firewalls with ntp. Can anyone tell me what
>method is more secure: synchronise with an external server on the Internet or
>synchronise the time with my internal timeserver ?
To address the external time server bit:
It is _very_ insecure. Pretty much anyone can spoof time responses to your queries.
If you're using time based security in some way (timed firewall rules or
SecurID tokens), this can create anything from unwanted firewall holes to
DoS as the SecurID tokens can't be used to log on to your servers (their
clocks are all wrong).
Go with some internal solution. As Bret suggested, GPS is probably
good enough for 99% of all organizations out there.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
