Solved: Public Network Time Protocol("risk")

isaaco001 · ‎12-16-2016

Dear Community,

Does pointing a cisco router to a public ntp server as a time-source pose any security risk?

Thanks.

Regards,

Isaac.

Reza Sharifi · ‎12-16-2016

Isaac,

You need some sort of external time server to get the correct timing. One option would be to point your routers and other equipment to your internal servers (domain controllers) to get their timing and than the domain controllers get it from pool.ntp.org. The other option is to point your devices directly to an external resource. pool.ntp.org has many servers across the globe that serve many organizations. As long as you are only allowing NTP and nothing else, I don't think it is a security risk.

HTH

View solution in original post

Reza Sharifi · ‎12-16-2016

Should not be an issue as long as you only allow the NTP pool servers.

HTH

isaaco001 · ‎12-16-2016

Reza,

Thanks for your prompt response.To be more specific and to clarify I intend to use pool.ntp.org from support.ntp.org time servers.Please offer a brief explanation as to why the router would be able to poll this public server but not pose a security risk from the outside.

Regards,

Isaac.

Reza Sharifi · ‎12-16-2016

Isaac,

You need some sort of external time server to get the correct timing. One option would be to point your routers and other equipment to your internal servers (domain controllers) to get their timing and than the domain controllers get it from pool.ntp.org. The other option is to point your devices directly to an external resource. pool.ntp.org has many servers across the globe that serve many organizations. As long as you are only allowing NTP and nothing else, I don't think it is a security risk.

HTH

isaaco001 · ‎12-16-2016

Reza,

I will proceed with your recommendations.Thanks for the explanation.Keep it up!

Regards,

Isaac.