Passes the backhoe test, but might have an issue with the Die Hard Elevator Shaft Fight Scene checks.
:) On Thu, May 2, 2019 at 07:34 william manning <chinese.apri...@gmail.com> wrote: > for our PCI-DSS audit, the rational for at least -one- local source, > instead of depending on pool.ntp.org, was "backhoe fade". > it was worth the $135 for an NTP source using GPS. the cable run up the > elevator shaft for the antenna works without needing OSHPD permits. > > We are very happy with the result. > > /Wm > > On Wed, May 1, 2019 at 3:01 PM Andreas Ott <andr...@naund.org> wrote: > >> On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote: >> > - Why do folks want to have one or more NTP server masters that have at >> > least 1 refclock on them in a data center, instead of having their data >> > center NTP server masters that only get time over the internet? >> >> I had that discussion before with the QSA for a compliance audit, pointing >> to requirement "10.4.3 Time settings are received from industry-accepted >> time sources" and "verify that the time server(s) accept time updates from >> specific, industry-accepted external sources (to prevent a malicious >> individual from changing the clock)" in the PCI-DSS document. He >> non-jokingly suggested "why don't you use pool.ntp.org?", not really >> realizing how many servers are in fact just someone's PC behind a cable >> modem in their home, which negated the "do I trust the time I am >> receiving?". My immediate answer was "we could use NIST servers", >> but the easiest way out of this is "we operate our own NTP appliance >> with a GPS receiver" and provide that as evidence. >> >> Don't get me wrong, I support pool.ntp.org by operating and contributing >> servers to it, but it is not deemed good enough if you need traceability >> of your NTP time source(s), even though the pool will only admit members >> above a certain quality threshold. >> >> >> > - What % of data center operators provide time servers in their data >> > centers for their tenants (or for the general public)? >> >> My $employer does that in our datacenters and points of presence for >> our customers. >> >> -andreas >> -- >> Andreas Ott K6OTT +1.408.431.8727 andr...@naund.org >> >
