NTP Question

Answers to that include:

  • Keeping the Auditors happy
  • Knowing that “everyone does it” - the vendor told them so
  • Bragging rights (expensive hardware)
  • Being unbothered by fighting with facilities for building penetrations and antenna mounts
  • Misunderstanding the beauty and economy Dave Mills marvelous algorithms for consistent time based on multiple sources, even those connected via internet
  • Unwillingness or inability to leverage other local resources capacity to run ntpd with minimal impact in order to have a good constellation of local NTP servers
  • Willingness to farm out time service without doing a deep dive into why and how, just leaving the design to the appliance vendors
    This covers most of what I have encountered in providing enterprise time services for $dayjob+clients. I probably left out some significant points, but it has been a few years…

Harlan and Mehmet,

I can expand on one important reason that James only alluded to with his “Kepping the Auditors happy” comment.

Passing NTP through a firewall and then using that as a critical time reference source represents a huge security risk. Here’s one detailed explanation of that risk:



I have some significant disagreements with some of the assumptions and
positions in that posting, for whatever that's worth. And there are
some good points in there, too.