Thu Nov 18 12:19:08 UTC 2004

Abandoning the right to remain silent, Heiko Gerstung at Wed, 17 Nov 2004
10:01:00 +0100 said:

> Hi Walter,
> If you are a bank and it may happen that you are going to use the NTP 
> time for some other things (besides binding your colleagues to their 
> desks) like database replication, computer forensics and so on, you 
> should spend the money for your own stratum 1 reference time server. We 
> have a lot of customers in the financial sector and I can say that I 
> could not imagine a bank without its own time reference (how do you keep 
> your transactions in the correct order?).

And agreeing with interchange partners when transactions occurred.

The bank we provide services for has a GPS receiver attached to the DNS
server at each computer centre. These have rooftop antennas with 360
degree horizontal and 180 degree vertical visibility. They've been in use
for at least 6 years. They all peer with each other. At the time they were
considered expensive. They wouldn't be today.

Now if we could just convince Security to configure all the firewalls to
provide NTP service to systems inside the various DMZs we could match up
all the logs.

> Maybe you already have a reliable time source in your
> A dedicated timeserver should be no problem for a bank (regarding the
> costs), otherwise I would be really worried if I was you :-)
> Kind regards,
> Heiko
> Walter L. Preuninger II wrote:
>> "Brad Knowles" <brad at stop.mail-abuse.org> wrote in message
>> news:mailman.0.1100131990.54146.questions at lists.ntp.isc.org...
>>>At 4:44 PM -0600 2004-11-10, Walter L. Preuninger II wrote:
>>>> Our president does not want any of our internal machines
>>>> connected to the internet. In fact, I have to go to a completely
>>>> different office just to send this.... Only dedicated computers have
>>>> internet access.
>>>In those kinds of cases, setting up your own internal time server that
>>>is directly connected to a refclock (e.g., GPS, WWV/WWVB/CHU/DCF77,
>>>ACTS) is probably the only option you're likely to have available to
>> Well, I have suggested it, but (and I do understand his resistance). We
>> are a bank. And if the internet ever does touch our internal network,
>> we have to deal with firewalls (another person, $) and intrusion
>> testing ($$$). The intrusion testing is mandated by our regulators.
>> Therefore, I want ACTS... even getting a real refclock is out of his
>> price range...

