Hi, Since you will be using machines in the DMZ to query over internet, perhaps you might want to consider using the 3 servers you mentioned to act as a proxy for querying the time servers. The proxy will only accept connections from internal time servers and forwards them out. Just a suggestion,tho
Tace On Tue, 11 Mar 2003 20:32:02 Jennifer Fountain wrote: >I am currently looking into configuring my company's time servers. My initial >thoughts were setting up two or three in the dmz and configuring them to update their >time on a regular basis (haven't defined regular yet) and then install two or three >interal time servers that query these servers. I currently have a web server, >reverse proxy, ftp (blush embarrassed - going to be getting rid of THIS real soon), >email, ids, and two dns servers in the dmz. Someone has recommended to configure >three of these servers (web, dns, and email) as a time server. At first, I say - huh >- no. That would mean opening up two ports on each box and having a new set of >potential problems if i miss anying. But I am not an expert so I head to google >searches and you for guidance. Could anyone tell me their configuration or recommend >a "good" configuration for company time servers? > >Thank you >Jenn > >P.S If anyone is at SANS 2003, ping me if you are in track 3 :) > _____________________________________________________________ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
