Hello All,

What's best way to secure NTP - ACL or keys using?

Thanks,

what's wrong with both? keys is a more generic app level solution, but if can remove vast blocks of irrelevant ip addresses with ACL's, why not?

The best way to secure NTP is to use a secure NTP client and daemon: OpenNTPD.org

It's designed from the ground up as a secure replacement to the traditional xntpd, which is quite bloated and was never designed to be secure.

ok, let ask which one better prevent from IP spoofing?

Thanks, but unfortunately cannot be implemented...

Actually... this question isn't by any chance from a homework assignment, is it? From the way you phrase your question it seems... fishy.

Edit: Hmm, from the other thread you posted the answer to my question is looking like "yes".

Any other recommendations please?

Please answer the question. Homework *is* against the LQ rules.

The answer is NO.

Then could you describe what environment you're operating where you need to imlement secure NTP, but cannot use the secure NTP client/server software? What kind of servers are you running (as in, what networks services are they providing)? What operating sytem are the servers and/or clients running? Why do you need to run NTP at all?

If you can convince me that it's a legitimate question, I'll give you the answer. In the mean time I'm not buying your story.

Well...Firstly, thank you for advertising your extensive knowledge in the investigation process.
Secondly, the answers are embedded.

Client' production environment

RH, HP, Solaris that are running different applications thru ssh(sftp), r-services, RPC, etc

go to the Google to find why do you need time sync between the servers...

when you'll finish with this investigation process you can start with another one instead of really help

well that's informative... you apparently have a blank canvas yet are.. not allowed to implemnt an ideal solution?
Ahh, nice to see people after help are still prepared to be patronizing.

@owbr4dh02: you know the GIGO principle. If you don't provide information on which we can base advice then this thread ain't gonna help nobody and making irrelevant remarks doesn't help your case either.
@all: OK, now y'all focus on answering the question or bail out of this thread. Keep it factual, OK?

I know why NTP is valuable, but I wasn't asking for my education, I was asking to help me determine if you had a relevant project you wanted the information for, or whether it was part of a homework assignment for school that you were trying to cheat on. The main reason I am so suspicious is because the answer to your question is so obvious, I figured if your job involed networking tasks you would be able to intuitively figure out the answer.

As for answering your question, the funny thing about asking people for help is they're suddenly less motivated if you act like a jerk.

HAND.