Accurate timekeeping is very important for firewalls. Without reliable time data, security log analysis is very difficult and can lead to false results. Besides, if the firewall provides any auxiliary services that use timestamping, for example, a mail service, false time values can be disturbing, too. One of the few things that are still operating in the original, free and liberal spirit of the Internet is the Network Time Protocol service. There are a number of timeservers on the Internet that allow free connections from anywhere. For a complete list, see Appendix C, Further readings.
Companies typically connect to a Stratus 2-level timeserver on the Internet and then distribute time within their organization from a single time server source. Using the native NTP service, Zorp can function as a central timeserver for the entire organization, if needed. This service generally does not put a heavy load on the machine, nor does it pose a significant security risk, so it is generally acceptable to use Zorp as a timeserver for the internal machines.
Unlike application proxy plugins, native services operate as feature-complete software components, so the NTP component in Zorp is a real NTP server. NTP is generally not suitable for proxying, since the latency of the proxy component would not be constant but load–dependent rather. Packet filtering could work for NTP but application-level handling of traffic generally offers a higher level of security. NTP is handled by a native service based on these reasons.
Published on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu