[ntp:questions] Secure NTP

jimp at specsol.spam.sux.com
Fri Mar 25 01:28:15 UTC 2011


Chris Albertson <albertson.chris at gmail.com> wrote:
> On Thu, Mar 24, 2011 at 2:26 PM,  <jimp at specsol.spam.sux.com> wrote:
> 
> 
>> When I see questions like this my first response is "Why all the bother?".
>>
>> There is nothing secret or proprietary about the time of day.
> 
> 
> Security is so that you know you are not being spoofed.  Or if you are
> providing the time so that you can prove to your users that you are
> who you claim to be and are not spoofing them.

The question was about clients authenticating to the server.

See below.

> There is the chance that someone might "impersonate" one of your
> servers or a server you use, and then make a computer's clock be set
> to the wrong time.   Again "who cares" if you only use your computer
> to surf the web and read emails but what if you were a bank processing
> ATM or Visa card transactions or worse a computer routing trains or
> airplanes or controlling stop lights.
> 
> If I were smart enough to remotely control a computer's time, then I
> could maybe make stock trades with an effective trade date of four
> hours ago.  I could make a fortune.

If the time on a client is that important, you run multiple local servers
with backup like a GPS NTP box and you don't depend on getting the time
across the Internet.

If the time on a client is only "kind of" important, you still run multiple
servers, which means a majority of your servers would have to be spoofed
in sync before it would have any effect on the clients.

If your clients and server are on your local network, it is not very likely
your servers are going to be spoofed, and if it is you have bigger issues
than the time of day.




-- 
Jim Pennino

Remove .spam.sux to reply.
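
The majority argument in the reply above, as an added example that is not part of the original post: a simplified Marzullo-style interval intersection, the idea behind NTP's clock selection, not ntpd's actual code. Server names, offsets and error bounds are constructed; the 14400-second offset stands for the "four hours" in the quoted text.

```python
# Added illustration: simplified Marzullo-style intersection, not ntpd's code.
from typing import NamedTuple, Optional

class Sample(NamedTuple):
    server: str    # hypothetical server name
    offset: float  # measured offset of the server clock vs. ours, seconds
    error: float   # error bound on that measurement, seconds

def select_majority(samples: list[Sample]) -> Optional[tuple[list[str], float]]:
    """Return (agreeing servers, offset estimate), or None without a majority."""
    edges = []
    for s in samples:
        edges.append((s.offset - s.error, 0, s.server))  # interval opens
        edges.append((s.offset + s.error, 1, s.server))  # interval closes
    edges.sort()  # at equal points, opens (0) sort before closes (1)
    active: set[str] = set()
    best: set[str] = set()
    lo = hi = 0.0
    for i, (point, kind, server) in enumerate(edges):
        if kind == 1:
            active.discard(server)
            continue
        active.add(server)
        if len(active) > len(best):
            # Largest overlap so far spans from this edge to the next one.
            best, lo, hi = set(active), point, edges[i + 1][0]
    if 2 * len(best) <= len(samples):
        return None  # no strict majority agrees; do not step the clock
    return sorted(best), (lo + hi) / 2

# Constructed samples: two honest servers plus one claiming four hours ahead.
ONE_SPOOFED = [
    Sample("gps-local", 0.012, 0.020),
    Sample("ntp-b", 0.008, 0.015),
    Sample("spoof1", 14400.000, 0.020),
]
# Constructed samples: two spoofed "in sync" outvote the single honest server.
TWO_SPOOFED = [
    Sample("gps-local", 0.012, 0.020),
    Sample("spoof1", 14400.000, 0.020),
    Sample("spoof2", 14400.005, 0.020),
]

if __name__ == "__main__":
    print(select_majority(ONE_SPOOFED))
    print(select_majority(TWO_SPOOFED))
```

With one spoofed source the client keeps the honest pair; only when the spoofed sources form the majority and agree with each other does the client follow them, and with three mutually disagreeing sources it follows none.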



