If you're not allowing NTP traffic outside of your "trusted perimeter" then it's not really an issue.
Your risk assessment will most likely mitigate the attack chances via internal security mechanisms,
i.e. only authorised personnel on-site, only approved equipment allowed to connect to the LAN.
Time is critical in the AD domain and it's just not worth the risk trying to be too paranoid about it.
Time needs to get to all servers and, within the AD structure, the client machines.
It's the clients that can be the tricky bit.
I'm assuming your clients and some servers in a distributed environment are all over the place.
Davie
P.S. There is a decent article on Windows Time Service at TechNet:
http://technet2.microsoft.com/Window...0c0181033.mspx