Time Server - synching with an external source

[Microsoft NewsGroups]

Seems like I remember reading somewhere that there was a "security risk"
involved when synching with an external time server source such as a atomic
time service on the Internet. Is this true, and what is the risk?

What do others do to keep their internal time server accurate?
Thanks

 

[Stefan Buchman]

There is no real risk doing this. Since you are initiating the call you
can manage it using a pinhole rule on your router for the NTP port
(TCP/123) just don't allow outbound initiated connections to that server
for NTP.

- Stefan

 

[Rick Chisholm]

i use a hardened freebsd box - it syncs to the internet atomic clock(s),
then my MS boxes sync with it.

Rick

 

[Eric Chamberlain]

Seems like I remember reading somewhere that there was a "security risk"
involved when synching with an external time server source such as a atomic
time service on the Internet. Is this true, and what is the risk?

NTP is not authenticated, and you are accessing an external source, the NTP
traffic could be spoofed.

What do others do to keep their internal time server accurate?

We use a Spectracom WWVB Radio Clock and a Trimble Navigation GPS Clock
connected to our Stratum 1 servers.

 

[JohnB]

Thanks.

NTP is not authenticated, and you are accessing an external source, the NTP
traffic could be spoofed.


We use a Spectracom WWVB Radio Clock and a Trimble Navigation GPS Clock
connected to our Stratum 1 servers.