Hi,

On Fri, Oct 14, 2022 at 10:27:16AM -0400, harbor235 via cisco-nsp wrote:
> How are you integrating NTP into your infrastructures? Is it part of your
> management network(s)?

NTP servers (appliances from Meinberg and regular FreeBSD servers, basically) are just sitting "on the Internet" and our machines sync to them, and monitor their relative times (= so if one is misbehaving, NTP will do the right thing on its own, and monitoring will tell us so we can fix it).

The machines protect themselves by local iptables rules for SSH/https, and in-band by NTP access rules ("serve time to everyone, serve larger responses only to management systems, do not believe anyone").

I've never understood this obsession on filtering things that are intended to be put out in the wild.

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
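One way to express the three access rules quoted in the message above in ntp.conf, as an added example that is not the poster's configuration. It assumes the reference ntpd (4.2.x) restrict syntax, and the management prefix 192.0.2.0/24 is a documentation placeholder.

```conf
# Added illustration, not the configuration used by the poster.
# Assumes reference ntpd 4.2.x; 192.0.2.0/24 is a placeholder prefix.

# "serve time to everyone":
#   no "ignore" or "noserve" flag on the default entry, so any client
#   gets normal time service (mode 3 request, mode 4 reply).
# "do not believe anyone":
#   nomodify  rejects runtime reconfiguration requests (ntpq/ntpdc)
#   nopeer    refuses unconfigured peer associations
#   notrap    refuses control-message trap registration
# "serve larger responses only to management systems":
#   noquery   refuses ntpq/ntpdc status queries (mode 6/7), whose
#             replies are much larger than a time reply.
restrict -4 default nomodify nopeer notrap noquery
restrict -6 default nomodify nopeer notrap noquery

# Management systems: same rules, minus noquery, so monitoring can
# run ntpq against the server and read peer offsets and status.
restrict 192.0.2.0 mask 255.255.255.0 nomodify nopeer notrap

# Local host keeps full access for administration on the box itself.
restrict 127.0.0.1
restrict -6 ::1
```

From a management host, `ntpq -p <server>` should answer; from any other address it should time out while plain time queries still succeed.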
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/