On 4/11/2008, at 7:23 PM, Paul Ferguson wrote:
On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <[EMAIL PROTECTED]>
wrote:
Hi,
I was wondering what most folks use for NTP security?
Do they use the low cost, light weight symmetric key cryptographic
protection method using MD5 or do folks go in for full digital
signatures and X.509 certificates (AutoKey Security)?
I'm just wondering -- in globak scheme of security issue, is NTP
security a major issue?
Just curious.
Out of sync time was a big deal in James Bond 18 (Tomorrow Never Dies).
Anyway, pushing time out of sync seems an interesting way to break
services that require stuff to be synced up. Kerberos is one such
example.
Push a KDC out of sync from it's clients, and auth wouldn't happen
anymore. Seems like a simple way to kick router admins out of their
equipment if you're causing trouble, or at least, slow them down.
Of course, this only really works if your network has 3 reliable
+secure time sources + 1 for redundancy. I'm not sure that .*pool\.ntp
\.org would class as reliable+secure if you're concerned about NTP
security.
--
Nathan Ward
