[ntp:questions] General ntp architecture question

Danny Mayer mayer at ntp.org
Tue Aug 3 03:05:19 UTC 2010

On 8/2/2010 5:52 PM, Ryan Malayter wrote:
> On Mon, Aug 2, 2010 at 12:27 PM, Terje Mathisen <"terje.mathisen at
> tmsw.no"@ntp.org> wrote:
>> unruh wrote:
>>> On 2010-08-02, konsu<konrad.azzopardi at gmail.com> wrote:
>>>> Thanks for your answers. Actually I do not know what are the criteria
>>>> to consider in deciding time requirements. This is a bank; we will
>>>> deploy VOIP soon and we have some dealers connected to the Reuters
>>>> network (I am checking whether they have their own time sync)... so
>>>> for the rest, I do not see any reason why synchronization to the
>>>> internet would be an issue.
>>> Because financial transactions are often time sensitive. It would be
>>> embarrassing if your clocks were 7 hours off, and some crooks knew this.
>>> I suspect you could be thoroughly defrauded if that were the case.
>> Much worse:
>> If you have any kind of trading department, then it is almost certainly a
>> requirement to have an auditable UTC clock reference.
> Even if you don't have a trading desk, you are still likely bound by
> PCI requirements for servicing debit and credit card transactions.
> These apply to all systems within the card data environment (which is
> essentially everything that can access a system where card data is
> held, no matter how indirectly.) The relevant audit questions are in
> section 10.4:

Ryan, can you please quote the reference to this document? You
didn't include it. You also didn't state in what jurisdiction this is valid.


> 10.4  Synchronize all critical system clocks and times
>    Obtain and review the process for acquiring and distributing the
> correct time within the organization, as well as the time-related
> system-parameter settings for a sample of system components, critical
> servers, and wireless access points. Verify the following is included
> in the process and implemented:
> 10.4.a Verify that NTP or similar technology is used for time synchronization
> 10.4.b Verify that internal servers are not all receiving time signals
> from external sources. [Two or three central time servers within the
> organization receive external time signals [directly from a special
> radio, GPS satellites, or other external sources based on
> International Atomic Time and UTC (formerly GMT)], peer with each
> other to keep accurate time, and share the time with other internal
> servers.]
> 10.4.c Verify that the Network Time Protocol (NTP) is running the most
> recent version
> 10.4.d Verify that specific external hosts are designated from which
> the time servers will accept NTP time updates (to prevent an attacker
> from changing the clock). Optionally, those updates can be encrypted
> with a symmetric key, and access control lists can be created that
> specify the IP addresses of client machines that will be provided with
> the NTP service (to prevent unauthorized use of internal time
> servers).
> See www.ntp.org for more information"
>> I suggest you do as Rob and David suggest, i.e. get yourself one or more
>> GPS-based Stratum 1 clocks, then define 4-6 primary servers which use
>> this/these GPS clocks plus a few internet servers as backup.
> Agreed. This is really a must-have for any financial services
> organization, and has been for a very long time. Once upon a time the
> mainframes dialed direct into NIST or USNO, but now internally
> managed, NTP-accessed GPS units (with redundancy) are all I have seen
> in the last decade.
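The tiered design described in 10.4.b-d above and in Terje's GPS-plus-backup suggestion, written out as ntpd configuration. This is an added example, not from the thread or from ntp.org; the hostnames, the 10.0.0.0/8 internal network, the TEST-NET addresses of the approved external hosts, the NMEA refclock and the key ids are all assumptions.

```conf
# ---- /etc/ntp.conf on a central time server (ntp1, 10.0.0.1) ----
# Constructed example; all hostnames, addresses and key ids are placeholders.
driftfile /var/lib/ntp/ntp.drift

# 10.4.d: deny everything by default, then open only the designated hosts
# and networks below (an access control list in ntpd terms).
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict -6 ::1

# 10.4.b: GPS receiver on /dev/gps0 (NMEA refclock) is the preferred source.
server 127.127.20.0 minpoll 4 maxpoll 4 prefer
fudge  127.127.20.0 refid GPS

# Approved external hosts as backup only (TEST-NET placeholder addresses).
# Each needs its own restrict line because of 'restrict default ignore'.
server   203.0.113.10 iburst
server   203.0.113.20 iburst
restrict 203.0.113.10 nomodify notrap noquery nopeer
restrict 203.0.113.20 nomodify notrap noquery nopeer

# 10.4.b: the central servers peer with each other, authenticated with
# symmetric key 1 (format of /etc/ntp.keys: "<id> MD5 <secret>").
keys /etc/ntp.keys
trustedkey 1 2
peer 10.0.0.2 key 1
peer 10.0.0.3 key 1
# If every external source is lost, the peers keep each other disciplined
# at orphan stratum 8 instead of drifting apart.
tos orphan 8

# 10.4.d: only the internal network may obtain time here; nobody may
# modify state, query internals (ntpq/ntpdc) or add peers.
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap noquery nopeer

# ---- /etc/ntp.conf on an ordinary internal server ----
# 10.4.b: no external sources at all; time comes only from the three
# central servers, authenticated with key 2.
driftfile /var/lib/ntp/ntp.drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
keys /etc/ntp.keys
trustedkey 2
server 10.0.0.1 key 2 iburst
server 10.0.0.2 key 2 iburst
server 10.0.0.3 key 2 iburst
```

The key file must hold the same secrets on every host that shares a key id and should be readable only by the ntpd user; the 10.4.c requirement (current ntpd version) is a patching matter outside the configuration itself.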
