RE : NTP recommedations

Well, we use a GPS base timesource inside our corporate network. This timesource is use to feed my 2 main central routers.

The 2 routers act as timesource for my root W2K DC (the one with the PDC emulator role) that will in turn distribute time to all w2k stations and servers in the corporation. They also act as timesource to all other routers. Those routers deliver time on all their attach subnet.

If the GPS clock failed, My 2 central router will get their timesource from a W2K server in the DMZ configure as an NTP server. This DMZ server will get time from NTP2.USNO.NAVY.MIL.

If the GPS and DMZ timesource are out, the 2 server will keep everything synch until the problem is corrected.

-----Message d'origine-----
De : Jennifer Fountain [mailto:JFountain@rbinc.com] Envoyé : 11 mars, 2003 20:32
À : security-basics@securityfocus.com
Objet : NTP recommedations

I am currently looking into configuring my company's time servers. My initial thoughts were setting up two or three in the dmz and configuring them to update their time on a regular basis (haven't defined regular yet) and then install two or three interal time servers that query these servers. I currently have a web server, reverse proxy, ftp (blush embarrassed - going to be getting rid of THIS real soon), email, ids, and two dns servers in the dmz. Someone has recommended to configure three of these servers (web, dns, and email) as a time server. At first, I say - huh - no. That would mean opening up two ports on each box and having a new set of potential problems if i miss anying. But I am not an expert so I head to google searches and you for guidan ce. Could anyone tell me their configuration or recommend a "good" configuration for company time servers?

Thank you
Jenn

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

P.S If anyone is at SANS 2003, ping me if you are in track 3 :) Received on Thu Mar 13 11:11:48 2003