[ntp:hackers] UDel security

David L. Mills mills at udel.edu
Thu May 12 12:20:34 PDT 2005

Danny, Steve, et al,

For some time now access to our department NTP server pogo.udel.edu has 
required cryptographic authentication. Read my message as extending this 
model to our public NTP server rackety.udel.edu. The other sandbox 
machines here have flavor of the moment configurations for testing 
purposes that sometimes do and sometimes don't require authentication. 
Perhaps my meaning can be clarified by saying the notrust bit is set for 
pogo and that I plan to set it on rackety (with due advance notice).

Recent experience at USNO and NIST strongly suggests some form of 
mandatory access control is necessary for at least some public servers. 
Case in point is at USNO, where the operators want to screen out all 
except military customers. Autokey and notrust would seem the natural 
defense. To make this work in practice, there needs to be a convenient 
way to get the group key. At the moment, I can't find the magic secure 
web page that serves as a way to get the group key wrapped in a shell 
script that installs the key and links.

What I would like to see at ISC is a secure web page which does this 
where the user supplies the server name and password to encrypt the 
reply. The group key could be supplied at the time the public list is 
updated. I would assume some way would be required to upload the group 
key. Is this possible?

Of course, this issue in and of itself has nothing to do with whether or 
not the notrust bit is set.


mayer wrote:

>----- Original Message Follows -----
>>The department staff has closed all access from outside 128.4 to only
>>a  few carefully watched public machines and closed off all RPC ports 
>>except NTP and a couple of others. The 128.4 NTP test machines on the 
>>campus and backroom subnets are currently open to ssh (only). I should
>>probably change that to require login to pogo first before allowing 
>>access to other machines. Will this be a problem for the legitimate 
>>testers and hackers?
>>From my point of view as a developer, as long as I can SSH into pogo
>as necessary that's fine. I usually SSH to pogo before I go anywhere
>else anyway. This sounds like a good choice.
>>Most of our machines are now closed access via NTP unless 
>>cryptographically authenticated. I intend to do that for all campus 
>>servers, including those that are now open access. UDel will thus turn
>>into a black hole for everything except the web and a few portholes
>>like  our campus, department public servers.
>I'm not sure I understand how you are closing access via NTP unless
>cryptographically authenticated since the Autokey scheme authenticates
>the server to the client rather than the other way round. We've
>had a number of discussions on this issue. Or did I misunderstand
>what you are saying?
>>I am asking the ISC to regularize the Autokey group key provision via 
>>the web. Can we set up a scheme that allows registration and retrieval
>>of a group key for designated machines? I am open to any scheme that 
>>provides cryptographically secure storage and retrieval of a group key
>>for any specific registered group.
>Are you talking about the autokey key distribution scheme that Steve
>set up? Or is this something else? What keys would be distributed and
>for what machines?

More information about the hackers mailing list