List: firewall-wizards
Subject: Re: RE: [fw-wiz] Acqusition of time
From: Joseph S D Yao <jsdy () center ! osis ! gov>
Date: 2003-01-30 20:36:18
On Wed, Jan 29, 2003 at 12:29:56PM -0500, Paul D. Robertson wrote:
> On Wed, 29 Jan 2003, Brian Monkman wrote:
>
> > Ok - so something more specific this time.
> >
> > We are talking about a firewall farm. We want the time to be sync'ed
> > between all of the firewalls. Logs go to a central logging server.
> > Reason for the sync'ing, to ensure that time is accurate across all of
> > the firewalls in order to facilitate forensics and event correlation.
> >
> > In your opinion - should we have a battery backed-up clock on these
> > firewalls or is the network time source sufficient?
>
> If the criterion is that the firewalls be synchronized to some standard,
> then I suppose the real issue is what happens if a single firewall is
> rebooted and unable to reach either the time server or the logging server
> (if it's syslog, you don't even know you didn't get there?)
>
> (UDP-based syslogs were heavily affected by SQL-Slammer for instance.)
>
> Battery back-up helps for the reboot instance, and (potentially, though
> not normally) for the timeserver goes down instance. If there's defined
> behaviour for "system rebooted and couldn't reach the timeserver" and it's
> materially separable from "just after midnight," then I don't suppose
> there's much of an issue, you can put things back together by deltaing
> once you do get reliable time information.

Battery back-up clocks MUST periodically have the network-based time
written into them! Otherwise, when the system re-boots, you get the
battery back-up clock's time, whatever it might just happen to be!

Most battery hardware clocks aren't very expensive, so this seems like
a cheap and reasonable backup to syncing off the NTP source(s).
--
Joe Yao jsdy@center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "OSIS Systems Support"
mail to sys-adm@center.osis.gov
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
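
The "deltaing" mentioned in the quoted reply, as an added example that is not part of the original thread: records written between an unsynchronized reboot and the first successful time sync are shifted by the offset learned at sync. The log format, the `boot` and `time-sync ref=` markers and the sample records are constructed for illustration, and clock drift over the unsynced interval is assumed negligible.

```python
from datetime import datetime, timezone

# Constructed sample from one firewall: (local clock reading, message).
# After "boot" the clock came up from a stale hardware clock; the
# "time-sync" record carries the reference time learned once the time
# server was reachable again (hypothetical format).
SAMPLE = [
    ("2003-01-29T23:58:10", "deny tcp 10.0.0.5 -> 192.0.2.7:1434"),
    ("2003-01-27T04:00:03", "boot"),
    ("2003-01-27T04:00:41", "deny udp 10.0.0.9 -> 192.0.2.7:1434"),
    ("2003-01-27T04:07:15", "time-sync ref=2003-01-30T00:09:15"),
    ("2003-01-30T00:09:20", "deny udp 10.0.0.9 -> 192.0.2.7:1434"),
]

def parse(ts):
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)

def rebuild_timeline(records):
    """Return [timestamp, status, message] rows with unsynced spans corrected."""
    out = []
    pending_from = None  # index of the first row written since an unsynced boot
    for local, msg in records:
        ts = parse(local)
        if msg == "boot":
            pending_from = len(out)
        if msg.startswith("time-sync ref=") and pending_from is not None:
            # Offset between reference time and the untrusted local clock.
            offset = parse(msg.split("ref=", 1)[1]) - ts
            for row in out[pending_from:]:
                row[0] += offset
                row[1] = "corrected"
            out.append([ts + offset, "corrected", msg])
            pending_from = None
            continue
        status = "unverified" if pending_from is not None else "trusted"
        out.append([ts, status, msg])
    return out

def is_monotonic(rows):
    """Sanity check: a correctly rebuilt timeline never runs backwards."""
    return all(a[0] <= b[0] for a, b in zip(rows, rows[1:]))

if __name__ == "__main__":
    for ts, status, msg in rebuild_timeline(SAMPLE):
        print(ts.isoformat(), status, msg)
```

Rows left as `unverified` belong to a boot that never reached the time server and should not be correlated against other firewalls by timestamp.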