[ntp:hackers] UDel security

todd glassey todd.glassey at worldnet.att.net
Thu May 12 10:12:03 PDT 2005


TCPWrappers works in a heartbeat. All the NIST Public Servers have this
feature set set up in them.

Todd

----- Original Message ----- 
From: "mayer" <mayer at gis.net>
To: "David L. Mills" <mills at udel.edu>; <hackers at ntp.org>
Sent: Thursday, May 12, 2005 9:57 AM
Subject: Re: [ntp:hackers] UDel security


> ----- Original Message Follows -----
> > Guys,
> >
> > The department staff has closed all access from outside 128.4 to only
> > a few carefully watched public machines and closed off all RPC ports
> > except NTP and a couple of others. The 128.4 NTP test machines on the
> > campus and backroom subnets are currently open to ssh (only). I should
> > probably change that to require login to pogo first before allowing
> > access to other machines. Will this be a problem for the legitimate
> > testers and hackers?
>
> From my point of view as a developer, as long as I can SSH into pogo
> as necessary that's fine. I usually SSH to pogo before I go anywhere
> else anyway. This sounds like a good choice.
>
> >
> > Most of our machines are now closed access via NTP unless
> > cryptographically authenticated. I intend to do that for all campus
> > servers, including those that are now open access. UDel will thus turn
> > into a black hole for everything except the web and a few portholes
> > like our campus, department public servers.
>
> I'm not sure I understand how you are closing access via NTP unless
> cryptographically authenticated since the Autokey scheme authenticates
> the server to the client rather than the other way round. We've
> had a number of discussions on this issue. Or did I misunderstand
> what you are saying?
>
> >
> > I am asking the ISC to regularize the Autokey group key provision via
> > the web. Can we set up a scheme that allows registration and retrieval
> > of a group key for designated machines? I am open to any scheme that
> > provides cryptographically secure storage and retrieval of a group key
> > for any specific registered group.
> >
>
> Are you talking about the autokey key distribution scheme that Steve
> set up? Or is this something else? What keys would be distributed and
> for what machines?
>
> Danny
>
> > Dave
> >
>



