Linux iTOps Tube

Wednesday, 23 November 2011

NTP Security

NTP Security

You should always be aware of how NTP can be affected by your network's security policy. Here are some common areas of concern.


Firewalls and NTP

NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn't a high port (above 1023), but 123 also. You'll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.

A sample Linux iptables firewall script snippet is in Appendix II, "Codes, Scripts, and Configurations".


NTP Authentication

There may be cases where you want to not only restrict NTP synchronization to specific networks but also to require a synchronization password. This is beyond the scope of this book, but is covered in detail at the NTP website www.ntp.org.


No comments:

Post a Comment