Quote:
| Originally Posted by kuki9591
Any Windows folk out there that can assist?
We had some penetration tests performed on some servers; one of the few things picked up was the Windows Time Service.
Observation: The NTP service running on the server disclosed technical information that would be of use to an attacker in fingerprinting the Operating System on the server.
Recommendation: The configuration of the NTP service should be amended to prevent this type of disclosure
Would anybody have a clue as to how the time service can be secured from this type of scan?
Windows Server 2003 Enterprise SP2
Patched to Jan 2008
|
There are going to be several ways it could be done and the correct method will depend on your risk assessment. Are you worried about systems inside the local network knowing what OS the server is running?
The way I normally go about things is to restrict access at the LAN borders. Only allow NTP between the server/s and the trusted time providers. If you are a bit paranoid, fit an atomic or radio clock to a Domain Controller or two, use those as the source for all other time requests, and completely shut the door to NTP through the perimeter on the firewall.
If that still isn't good enough, happy trawling.
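One way to check that the border restriction described in the reply above actually holds is to audit perimeter firewall logs for NTP flows outside the trusted pairs. This is an added example, not part of the original posts; the log format, addresses and names below are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration (assumptions, not from the thread):
# the internal range, the internal time servers (e.g. Domain Controllers),
# and the external time providers they are allowed to talk to.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TIME_SERVERS = {ipaddress.ip_address("10.0.0.10"), ipaddress.ip_address("10.0.0.11")}
TRUSTED_PROVIDERS = {ipaddress.ip_address("192.0.2.123")}
NTP_PORT = 123

# Constructed firewall log lines: action proto src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
ALLOW UDP 10.0.0.10 123 192.0.2.123 123
ALLOW UDP 192.0.2.123 123 10.0.0.10 123
ALLOW UDP 198.51.100.7 40000 10.0.0.10 123
ALLOW UDP 10.0.5.20 123 203.0.113.9 123
ALLOW UDP 10.0.5.20 123 10.0.0.10 123
DENY UDP 198.51.100.8 40001 10.0.0.11 123
ALLOW TCP 198.51.100.7 40002 10.0.0.10 443
"""

def ntp_violations(log_text):
    """Return allowed NTP flows that cross the perimeter outside the trusted pairs."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not match the constructed format
        action, proto, src, sport, dst, dport = parts
        if action != "ALLOW" or proto != "UDP":
            continue
        if NTP_PORT not in (int(sport), int(dport)):
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        src_in, dst_in = src_ip in INTERNAL_NET, dst_ip in INTERNAL_NET
        if src_in and dst_in:
            continue  # internal-only traffic never crosses the border
        if src_in and src_ip in TIME_SERVERS and dst_ip in TRUSTED_PROVIDERS:
            continue  # time server querying a trusted provider
        if dst_in and dst_ip in TIME_SERVERS and src_ip in TRUSTED_PROVIDERS:
            continue  # reply from a trusted provider
        findings.append(line)
    return findings

if __name__ == "__main__":
    for flow in ntp_violations(SAMPLE_LOG):
        print("unexpected NTP flow through perimeter:", flow)
```

Any line it reports is either an outside host reaching the time service or an internal machine bypassing the designated time servers, both of which the border rules should have blocked.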
