
Re: NTP security



Jamie Heilman wrote:
> 
> > So what is the most secure way of syncing time on a server ?
> 
> Coupling your server directly to an atomic clock, or some other source of
> "hard" time, yields no network reliance at all, and is the most secure way.
> Using bug free software is the most secure way to synchronize over a network.
> ntpd could probably benefit from a good auditing as it is a reference
> implementation and those tend to get a rather unwieldy code-base.  (BIND
> being a prime example)

See Ultra-Link, http://www.ulio.com/ for a low cost battery powerable 
atomic clock radio receiver.  It has a 3V inverted TTL RS-232 link 
that runs at 2400 or 9600 baud.  Power draw is +3.5V to 15V at 600uA.  
Last I knew the ntp daemon knew how to talk to this guy.  It's 
available as a board set or in cases with proper RS-232 signal 
levels, power supply, etc.

> 
> > I noticed that /etc/services has a tcp entry for ntp. Is there any way
> > (short of changing the code) to coax ntp to use tcp instead of udp ?
> 
> No, UDP is intrinsic to how NTP works.

Actually it isn't.  A bi-directional link is usually needed, but it 
seems the latest version also supports connecting to a multicast 
network for broadcasting the current time or for receiving it.  In 
this case there is an unknown amount of network lag between the 
transmitter and receiver.  For most computers this isn't a problem 
as it's unlikely the lag will be over 500 ms.  Most computers only 
need 1 second accuracy if that even.


-- 
|  Bryan Andersen   |   bryan@visi.com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
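The difference between the two modes discussed above (a bi-directional client/server exchange versus one-way broadcast/multicast) comes down to which of the NTP timestamps the receiver has. The following is an added illustration, not code from this thread or from ntpd: it encodes and decodes the 48-byte NTPv4 header (RFC 5905), applies the standard offset and round-trip-delay formulas to a two-way exchange, and shows that in broadcast mode the path delay cannot be measured and simply becomes error. All timestamps are constructed sample values; the `build_packet`/`parse_packet`/`client_offset_from_reply`/`broadcast_offset` names are this example's own.

```python
"""Minimal NTPv4 (RFC 5905) header encoder/decoder with the client/server
clock-offset arithmetic and the one-way broadcast case.

Added example; all timestamps below are constructed, not captured traffic."""
import struct

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
PACKET_FORMAT = "!BBBb11I"      # flags, stratum, poll, precision, then 11 x 32-bit words
PACKET_SIZE = struct.calcsize(PACKET_FORMAT)   # 48 bytes

MODE_CLIENT = 3
MODE_SERVER = 4
MODE_BROADCAST = 5


def to_ntp(unix_time):
    """Unix float seconds -> (seconds, fraction) halves of a 64-bit NTP timestamp."""
    whole = int(unix_time)
    frac = int(round((unix_time - whole) * 2 ** 32))
    if frac == 2 ** 32:          # rounding carried into the next second
        whole += 1
        frac = 0
    return whole + NTP_EPOCH_OFFSET, frac


def from_ntp(seconds, fraction):
    """NTP (seconds, fraction) -> Unix float seconds; the all-zero 'unset' value stays 0.0."""
    if seconds == 0 and fraction == 0:
        return 0.0
    return seconds - NTP_EPOCH_OFFSET + fraction / 2 ** 32


def _encode_ts(unix_time):
    return (0, 0) if unix_time is None else to_ntp(unix_time)


def build_packet(mode, originate=None, receive=None, transmit=None, stratum=0):
    """Encode a 48-byte header: leap indicator 0, version 4, the given mode.
    Root delay/dispersion, reference id and reference timestamp are left zero
    because nothing in this example depends on them."""
    org, rec, xmt = _encode_ts(originate), _encode_ts(receive), _encode_ts(transmit)
    first_byte = (0 << 6) | (4 << 3) | mode
    return struct.pack(PACKET_FORMAT, first_byte, stratum, 6, -20,
                       0, 0, 0,            # root delay, root dispersion, reference id
                       0, 0,               # reference timestamp
                       org[0], org[1], rec[0], rec[1], xmt[0], xmt[1])


def parse_packet(data):
    """Decode the header fields this example uses. Rejects anything but 48 bytes."""
    if len(data) != PACKET_SIZE:
        raise ValueError("NTP header must be %d bytes, got %d" % (PACKET_SIZE, len(data)))
    f = struct.unpack(PACKET_FORMAT, data)
    return {
        "leap": f[0] >> 6,
        "version": (f[0] >> 3) & 0x7,
        "mode": f[0] & 0x7,
        "stratum": f[1],
        "originate": from_ntp(f[9], f[10]),   # bytes 24..31
        "receive": from_ntp(f[11], f[12]),    # bytes 32..39
        "transmit": from_ntp(f[13], f[14]),   # bytes 40..47
    }


def client_offset_from_reply(request, reply, t4):
    """Two-way exchange: client sent at t1 (request transmit), server stamped
    receive t2 and transmit t3, client received the reply at local time t4.
    Returns (clock offset, round-trip delay) per RFC 5905."""
    rep = parse_packet(reply)
    if rep["mode"] != MODE_SERVER:
        raise ValueError("expected a server-mode reply")
    # A reply must echo our transmit timestamp in its originate field; this is
    # the standard check that drops replies to requests we never sent.
    if reply[24:32] != request[40:48]:
        raise ValueError("reply originate timestamp does not match our request")
    t1 = parse_packet(request)["transmit"]
    t2, t3 = rep["receive"], rep["transmit"]
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def broadcast_offset(packet, t4):
    """One-way broadcast/multicast: only the sender's transmit time is known,
    so the path delay cannot be measured. The raw difference is all the
    receiver has, and the unmeasured lag appears as offset error."""
    pkt = parse_packet(packet)
    if pkt["mode"] != MODE_BROADCAST:
        raise ValueError("expected a broadcast-mode packet")
    return pkt["transmit"] - t4


if __name__ == "__main__":
    # Constructed exchange: 0.25 s each way, server clock running 0.125 s slow.
    req = build_packet(MODE_CLIENT, transmit=1000.0)
    rep = build_packet(MODE_SERVER, originate=1000.0, receive=1000.25,
                       transmit=1000.5, stratum=2)
    print("client/server offset, delay:", client_offset_from_reply(req, rep, 1001.0))
    # Constructed broadcast with perfectly synced clocks and 0.25 s of lag:
    # the receiver cannot tell lag from offset and reports -0.25 s.
    bc = build_packet(MODE_BROADCAST, transmit=1000.5)
    print("broadcast apparent offset:", broadcast_offset(bc, 1000.75))
```

The two-way formulas cancel a symmetric path delay, which is why a bi-directional link is normally wanted; the broadcast case has nothing to cancel it with, which is the "unknown amount of network lag" in the reply above.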
