In article <[email protected]>, Fran <[email protected]> wrote:

> On Jun 4, 3:13 pm, Greg Hennessy <[email protected]> wrote:
> > On 2010-06-04, Fran <[email protected]> wrote:
> >
> > > On Jun 3, 4:49 pm, Greg Hennessy <[email protected]> wrote:
> > >> > Do you know of any DISA IA approved COTS NTP servers?
> > >
> > >> Why not use tick.usno.navy.mil or tock.usno.navy.mil? Only half a
> > >> smiley.
> > >
> > > That's a funny one Greg, thanks!
> >
> > On the serious side, if you are worried about having to follow DISA
> > STIGS, then it seems safe to assume you are on NIPR or SIPR nets, in
> > which case it is probably easier to use the USNO supplied time service
> > rather than recreating your own. If for redundancy you wish to run
> > your own NTP servers (which you should point to USNO since USNO is
> > what all DoD sources are *SUPPOSED* to be using), I'm not aware of any
> > COTS NTP servers that are DISA IA approved out of the box.
>
> Greg, thanks again for your help.
>
> We are running on a private net inside a lab, no connections outside
> of the lab. We'll run the NTP server either with a LOCAL reference
> clock driver, IRIG-B, or with GPS.

GPS would be the simplest solution, and there are many classified networks with GPS timeservers, so there is ample precedent. For IA, the key is that a GPS receiver does not connect in any way to the internet, so there is no way for someone to hack in via the GPS receiver. The fact that GPS is a DoD system doesn't hurt either.

> A short email with Symmetricom said in essence: although there is no
> 'IA-mode' to put the NTP servers in, the NTP server is already running
> a limited amount of services, there are controls to further disable
> service and ports. Therefore it seems likely to me the NTP server
> could be configured as required.
>
> The devil is in the details however. So I would need to get funded for
> time to get smart on the applicable IA requirements, get a suitable
> COTS NTP server, configure and test it. It's likely we can get what we
> want, but it's not going to be a simple button push like the managers
> would like to hear it is.

Lots of things on networks lack anything resembling "IA mode" (whatever that is), and yet life goes on.

Joe Gwinn
