Bill,

That still leaves you open to NTP attacks. The USNO accuracy and monitoring are 
worthless if you suffer, for example, an NTP DDoS attack.

<https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/>


There are also replay and man-in-the-middle (MITM) attacks which can corrupt 
local NTP servers' time basis. Worse, security flaws in NTP make other 
security protocols, such as SSL, vulnerable.

https://www.sidn.nl/en/news-and-blogs/security-flaws-in-network-time-protocol-make-other-security-protocols-vulnerable

If you can eliminate such security problems for $400, I say it's cheap at twice 
the price.

 -mel

On Aug 5, 2023, at 6:18 PM, William Herrin <b...@herrin.us> wrote:

On Sat, Aug 5, 2023 at 12:26 PM Mel Beckman <m...@beckman.org> wrote:
You might consider setting up your own GPS-based NTP network.

GPS time is monitored (and when necessary, adjusted) from the U.S.
Naval Observatory Master Clock, which is -the- authoritative time
source for the United States. The USNO also provides an NTP time
source from the same master clock:

https://www.cnmoc.usff.navy.mil/Our-Commands/United-States-Naval-Observatory/Precise-Time-Department/Network-Time-Protocol-NTP/

You -should not- just point your servers there, but it's useful to
point a few servers each at one of them in order to serve as your
network stratum 2 sources that keep the rest of your machines in sync
with each other.

That last point is key. You don't want your servers in sync with
random Internet time sources. You want them in sync with each other.

Regards,
Bill Herrin



--
William Herrin
b...@herrin.us
https://bill.herrin.us/

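The NTP amplification attack Mel links to relies on the ntpd mode-7 "monlist" query: an 8-byte request that a misconfigured server answers with up to hundreds of 440-byte packets, sent to whatever source address the attacker spoofed. The following is an added example, not code from the thread or from any NTP project: it parses the NTP header of constructed UDP payloads, recognizes monlist requests and responses, and computes the per-source response/request byte ratio that a detection engineer would alert on. The packet tuples, the IP addresses (RFC 5737 documentation ranges) and the 72-byte monlist item size packed into the sample responses are all constructed for the example; the 20x alert threshold is an assumed tuning value.

```python
"""Classify NTP packets and flag monlist amplification abuse (added example)."""
import struct
from collections import defaultdict

# ntpd private (mode 7) request codes that return the peer/client list.
MON_GETLIST = 20
MON_GETLIST_1 = 42
MONLIST_CODES = {MON_GETLIST, MON_GETLIST_1}


def parse_ntp(payload: bytes) -> dict:
    """Decode the common first byte (LI/R+M | version | mode) and, for mode 7,
    the implementation and request-code bytes of the ntpd private format."""
    if not payload:
        raise ValueError("empty NTP payload")
    first = payload[0]
    info = {"version": (first >> 3) & 0x7, "mode": first & 0x7, "length": len(payload)}
    if info["mode"] == 7 and len(payload) >= 4:
        # Mode 7 layout: byte0 = R(1) M(1) VN(3) mode(3), byte1 = auth(1) seq(7),
        # byte2 = implementation (3 = XNTPD), byte3 = request code.
        info["is_response"] = bool(first & 0x80)
        info["implementation"] = payload[2]
        info["request_code"] = payload[3]
    return info


def classify(payload: bytes) -> str:
    """Label a payload as client/server time exchange or a monlist probe/reply."""
    h = parse_ntp(payload)
    if h["mode"] == 7 and h.get("request_code") in MONLIST_CODES:
        return "monlist-response" if h["is_response"] else "monlist-request"
    if h["mode"] == 3:
        return "client"
    if h["mode"] == 4:
        return "server"
    return "other"


def amplification_by_source(packets, server_port: int = 123) -> dict:
    """packets: iterable of (src_ip, dst_ip, src_port, dst_port, payload).
    Returns bytes-returned / bytes-received for every address that sent to
    the server port; a spoofed victim shows up here with a huge ratio."""
    sent = defaultdict(int)  # bytes that arrived at the server from each source
    got = defaultdict(int)   # bytes the server sent back to that address
    for src, dst, sport, dport, payload in packets:
        if dport == server_port:
            sent[src] += len(payload)
        elif sport == server_port:
            got[dst] += len(payload)
    return {ip: got[ip] / sent[ip] for ip in sent if sent[ip]}


def flag_abuse(packets, ratio_threshold: float = 20.0) -> list:
    """Findings: any monlist request, plus any source amplified >= threshold."""
    findings = []
    for src, _dst, _sport, _dport, payload in packets:
        if classify(payload) == "monlist-request":
            findings.append(f"monlist request from {src}")
    for ip, ratio in amplification_by_source(packets).items():
        if ratio >= ratio_threshold:
            findings.append(f"amplification {ratio:.0f}x toward {ip}")
    return findings


# --- constructed sample traffic (not captured from any real network) ---------
MONLIST_REQ = bytes.fromhex("1700032a00000000")   # v2, mode 7, impl 3, code 42


def monlist_response(n_items: int = 6) -> bytes:
    """Constructed mode-7 reply: R bit set, 4-bit err + 12-bit nitems,
    4-bit MBZ + 12-bit item size (72), followed by n_items blank entries."""
    header = bytes([0x97, 0x00, 0x03, MON_GETLIST_1]) + struct.pack("!HH", n_items, 72)
    return header + b"\x00" * (72 * n_items)


CLIENT_REQ = bytes([0x23]) + b"\x00" * 47    # NTPv4 mode 3, 48 bytes
SERVER_RESP = bytes([0x24]) + b"\x00" * 47   # NTPv4 mode 4, 48 bytes

SERVER = "198.51.100.10"       # assumed: our NTP server
VICTIM = "203.0.113.5"         # assumed: spoofed source of the monlist probe
CLIENT = "192.0.2.20"          # assumed: legitimate client

SAMPLE_PACKETS = [
    (VICTIM, SERVER, 40000, 123, MONLIST_REQ),
    *[(SERVER, VICTIM, 123, 40000, monlist_response()) for _ in range(5)],
    (CLIENT, SERVER, 51515, 123, CLIENT_REQ),
    (SERVER, CLIENT, 123, 51515, SERVER_RESP),
]

if __name__ == "__main__":
    for finding in flag_abuse(SAMPLE_PACKETS):
        print(finding)
```

On a real server the fix is in ntp.conf rather than in detection: `disable monitor` turns off the monlist table, and `restrict default kod nomodify notrap nopeer noquery` refuses mode-6/7 queries from arbitrary sources; the classifier above is what you would run over a pcap or flow export to confirm the server no longer answers them.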