Need trusted NTP Sources

jamie rishaw j at arpa.com
Thu Feb 6 14:28:47 UTC 2014


PCI DSS only requires that all clocks be synchronized; it doesn't
/require/ "how".

If you have servers getting time from external sources (authenticated
always a plus) and peering with each other internally, then you comply
with PCI DSS 2.0 (3.0 has no changes to this that I'm aware of).

OTOH, I'm surprised nobody has mentioned
http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html

-j

On Thu, Feb 6, 2014 at 6:53 AM, Notify Me <notify.sina at gmail.com> wrote:
> Raspberries! Not common currency here either, but let's see!
> Grateful for all the input and responses, this list is amazing as usual.
>
> On Thu, Feb 6, 2014 at 1:41 PM, Aled Morris <aledm at qix.co.uk> wrote:
>> On 6 February 2014 12:30, Martin Hotze <m.hotze at hotze.com> wrote:
>>
>>> > I'm trying to help a company I work for to pass an audit, and we've
>>> > been told we need trusted NTP sources (RedHat doesn't cut it). Being
>>> > located in Nigeria, Africa,
>>>
>>  [...]
>>
>>> So build your own stratum 1 server (maybe a second one with DCF77 or
>>> whatever you can use for redundancy),
>>>
>>
>> I don't think DCF77 is going to reach Nigeria.
>>
>> Aled
>



-- 
jamie rishaw // .com.arpa at j <- reverse it. ish.

"Reality defeats prejudice." - Rep. Barney Frank


