On Fri, 2002-12-06 at 04:07, Ogle Ron (Rennes) wrote: > > If you don't want to open your firewall, then create at least 2 PC/GPS > systems and deploy hopefully in different locations. Then configure your > clients to point to both servers. Yes, been there, done that. From a purely architectural perspective, it's fine. However, here's the catch: if you deploy a more-or-less usable NTP infrastructure, and you rely on that to get timestamps, and a cracker gets into your system, disables ntpd and changes the system clock, you're screwed. So yes, do all your tricks, deploy local NTP servers in DMZs, use multiple redundant Stratum 0 clocks, but also collect both timestamps: from the systems, and from the syslog server. -- Florin Andrei "If you play the WinXP CD backwards, you get a satanic message." "That's nothing, if you play it forward, it installs WinXP." _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 20:23:12 PST