An internal server will likely be more secure than an external server.
For the truly paranoid:
- Get your own atomic clock, sync to good outside time, then cut off access to outside
time. Good clocks won't drift very fast. Sync every year or two.
- Use multiple independent direct sources of time. NTP servers are available to sync
from GPS time, WWVB time, and dialup telephone links to USNO or NIST (in US, in NL you
will have different choices). Get one or more of all three!!! Sleep better at night
knowing hackers would have to jam/spoof multiple independent sources of time.
- Feed time directly to your firewalls, rather than using the shared network. If your
firewalls are Unix boxes, you can feed time to them using RS-232 or a second, private
Ethernet network. If you are using "black box" firewalls, you probably can't use this
technique.
For more information about NTP and time than you really want to know:
http://www.eecis.udel.edu/~ntp/
-- Rex
At 9:37 AM +0200 6/22/00, [EMAIL PROTECTED] wrote:
>I want to synchronise the time on my firewalls with ntp. Can anyone tell me
>what method is more secure: synchronise with an external server on the
>Internet or synchronise the time with my internal timeserver ?
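
Why several independent time sources help, as an added example that is not part of the original message: a simplified Marzullo-style intersection (the idea behind NTP's clock selection, not ntpd's actual code) that finds the interval most sources agree on and flags the one that disagrees. The source names, offsets and error bounds are constructed sample values.

```python
# Added example: simplified Marzullo-style intersection over clock readings.
# Not ntpd's implementation; names and numbers are constructed sample data.

def select_truechimers(readings):
    """readings: {name: (offset_seconds, max_error_seconds)}.
    Returns (names, (lo, hi)) for the interval on which the largest
    number of sources overlap."""
    edges = []
    for name, (offset, err) in readings.items():
        edges.append((offset - err, 0, name))  # interval opens (sorts first on ties)
        edges.append((offset + err, 1, name))  # interval closes
    edges.sort()

    active, best, lo, hi = set(), set(), None, None
    for i, (point, kind, name) in enumerate(edges):
        if kind == 0:
            active.add(name)
            if len(active) > len(best):
                best = set(active)
                lo, hi = point, edges[i + 1][0]  # next edge bounds the overlap
        else:
            active.discard(name)
    return sorted(best), (lo, hi)


def check_sources(readings):
    """Split sources into trusted/suspect; 'usable' needs a strict majority."""
    agree, interval = select_truechimers(readings)
    return {
        "trusted": agree,
        "suspect": sorted(set(readings) - set(agree)),
        "interval": interval,
        "usable": len(agree) > len(readings) / 2,
    }


# Constructed readings: offset from the local clock and error bound, in seconds.
SAMPLE = {
    "gps": (4.500, 0.010),         # constructed: jammed/spoofed receiver
    "wwvb": (-0.004, 0.020),
    "acts_modem": (0.010, 0.030),  # dial-up link to NIST/USNO
}

if __name__ == "__main__":
    print(check_sources(SAMPLE))
```

With only two sources that disagree, `usable` comes back false: there is no majority to say which one is wrong, which is the case for having three or more.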