[ntp:questions] Secure NTP

jimp at specsol.spam.sux.com jimp at specsol.spam.sux.com
Sun Mar 27 21:38:26 UTC 2011


Maarten Wiltink <maarten at kittensandcats.net> wrote:
> <jimp at specsol.spam.sux.com> wrote in message
> news:5lpu58-278.ln1 at mail.specsol.com...
>> Uwe Klein <uwe_klein_habertwedt at t-online.de> wrote:
> [...]
>>> The $something trading solutions that require exact timematch
>>> ( remember the recent rush of ntp users
>>>   requiring u-second global time match )
>>> over a set of widely distributed hosts allow fraud in
>>> various ways if you can manipulate the time for some select host.
>>
>> One more time, if time is critical to your operation you do NOT have
>> one and only one NTP server.
>>
>> You have several servers with local GPS and CDMA NTP boxes.
>>
>> Let's see you spoof the Internet, GPS, and CDMA all at the same time.
> 
> I'll solve (the subproblems of) the big problems just like the little
> problems. One at a time.
> 
> That there are other lines of defence is no reason to neglect any one
> of them. Every single one is there in case the other ones fail. Any and
> all of the other ones.
> 
> You do not improve security by stacking the lemon meringue walls higher,
> or thicker.
> 
> Groetjes,
> Maarten Wiltink
 
You do not improve security by worrying about, and spending time on, imaginary
threats.
 

-- 
Jim Pennino

Remove .spam.sux to reply.



