NTP, possible solutions, and best implementation
Ariel Biener
ariel at fireball.tau.ac.il
Thu Oct 2 14:54:25 UTC 2003
Hi,
Assuming one wanted to provide a high profile (say, at the TLD level) NTP
service, how would you go about it?
The possibilities I encountered are diverse, the problem is not the
back-end device (be it a GPS based NTP source + atomic clock backup, based on
cesium or similar), but the front end to the network. Such a time service is
something that is considered a trusted stratum 1 server, and assuring that no
tampering with the time is possible is of very high priority, if not top
priority.
There are a few NTP server solutions; I like the following comparison
between one company's products (Datum, merged into Symmetricom):
http://www.ntp-systems.com/product_comparison.asp
However, when you put such a device on a network, you want to have some
kind of clue about the investment made in that product when security comes to
mind, and also the turnaround time for bug fixes should such a security bug
become public. Here is the problem, or actually, my problem with these
devices. I know that if I use a Unix machine or a Cisco router as front end
to the network for this back-end device, then if a bug in NTP occurs, Cisco
or the Unix vendor will fix it quickly. BUT!, if I want to put the device
itself on the network, as this is what an NTP device was built for, I feel
that I have no real sense of how secure the device really is, and how long it
would take for the vendor to actually fix the bug, should such be discovered.
It's a black box, and I am supposed to provide a secure time source based on
... "what ?"
This is my dilemma. While I don't want to put an NTP front end, which
becomes a stratum 2 in this case, but to provide direct stratum 1 service to
stratum 2 servers in the TLD in question, I do not know how I can safely
trust a device that I have no experience with how the vendor deals with bugs,
and also, I have no idea what is the underlying software (although it's safe
to assume that it is an implementation of xntpd, in one form or the other).
Did any of you have to create/run/maintain such a service, and do any of
you have experience with vendors/products that can be trusted when security
is concerned (including the vendor and the products I specified above)?
Thanks for your time,
--Ariel
--
Ariel Biener
e-mail: ariel at post.tau.ac.il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
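One thing an operator can check from the network, whichever way the box is deployed, is what stratum and reference it actually advertises: the device on the wire itself should answer as stratum 1 with a clock identifier such as "GPS", while a Unix or router front end relaying it answers as stratum 2 with the device's address as its reference. The decoder below is an added example, not code from the post or from any vendor's product; the sample replies, the 0.1 s root-dispersion limit and the `stratum1_problems` check are constructed assumptions.

```python
import struct
from dataclasses import dataclass

NTP_UNIX_OFFSET = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

@dataclass
class NtpReply:
    leap: int            # leap indicator; 3 means the server's clock is unsynchronized
    version: int
    mode: int            # 4 = server reply
    stratum: int         # 1 = attached reference clock (GPS/cesium); 2+ = synced over the network
    refid: str           # clock id such as "GPS" at stratum 1, upstream IPv4 address at stratum 2+
    root_disp: float     # seconds (16.16 fixed point on the wire)
    transmit_unix: float

def parse_ntp_reply(packet: bytes) -> NtpReply:
    """Decode the 48-byte NTP header (RFC 5905 section 7.3); extension fields are ignored."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(packet))
    flags, stratum, _poll, _precision = struct.unpack("!BBbb", packet[:4])
    _delay, disp = struct.unpack("!II", packet[4:12])
    refid_raw = packet[12:16]
    xmt_sec, xmt_frac = struct.unpack("!II", packet[40:48])  # transmit timestamp
    if stratum <= 1:
        refid = refid_raw.decode("ascii", "replace").rstrip("\x00 ")
    else:
        refid = ".".join(str(b) for b in refid_raw)
    return NtpReply(flags >> 6, (flags >> 3) & 7, flags & 7, stratum, refid,
                    disp / 65536.0, xmt_sec - NTP_UNIX_OFFSET + xmt_frac / 2 ** 32)

def stratum1_problems(reply: NtpReply, max_disp: float = 0.1) -> list:
    """Reasons a reply is not what a trusted stratum-1 server should be sending (assumed limits)."""
    problems = []
    if reply.mode != 4:
        problems.append("not a server reply (mode %d)" % reply.mode)
    if reply.leap == 3:
        problems.append("server reports its clock as unsynchronized")
    if reply.stratum != 1:
        problems.append("stratum %d, expected 1 (a front end would show 2)" % reply.stratum)
    if reply.root_disp > max_disp:
        problems.append("root dispersion %.3fs exceeds %.3fs" % (reply.root_disp, max_disp))
    return problems

def build_reply(leap: int, stratum: int, refid: bytes, xmt_sec: int) -> bytes:
    """Constructed NTPv4 mode-4 reply so the parser can be exercised offline."""
    flags = (leap << 6) | (4 << 3) | 4
    head = struct.pack("!BBbbII4s", flags, stratum, 6, -20, 0, 0x1000, refid)  # disp = 0.0625 s
    return head + b"\x00" * 24 + struct.pack("!II", xmt_sec, 0)

# Constructed samples: the device itself (stratum 1, GPS) and a Unix front end relaying it (stratum 2)
DEVICE_REPLY = build_reply(0, 1, b"GPS\x00", 3274000000)
FRONTEND_REPLY = build_reply(0, 2, bytes([192, 0, 2, 1]), 3274000000)
```

Pointing `parse_ntp_reply` at a real reply (a 48-byte UDP datagram read from port 123) gives the same fields, so the check can be run periodically against the published server from outside the TLD's own network.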