General discussion

  • Creator
    Topic
  • #2179148

    Accurate time

    Locked

    by david.cullison ·

    We’ve recently installed a new firewall on our network and configured it to sync time with two different internet NTP sources. The firewall’s clock drifts up to one second when pulling time every 30 minutes. The vendor says this drift is normal, but that doesn’t sound right to me. How accurate does the law say time has to be if we ever tried to prosecute a hacker?

All Comments

  • Author
    Replies
    • #3136627

      Reply To: Accurate time

      by master3bs ·

      In reply to Accurate time

      I could not find a specific answer. However, I can’t believe that being off by only a second during the time pull would make a difference in prosecution.

      While possible unrelated; I did find this pdf document with good information on blocking rules and logging; with a snippit of information about rules for prosecution.
      http://ezine.daemonnews.org/200407/daemonnews200407.pdf

    • #3137309

      Reply To: Accurate time

      by hozcanhan ·

      In reply to Accurate time

      boss , why don’t you decrease the sync period . That is make the sync more frequently . You know where to reconfigure that ?

    • #3132098

      Reply To: Accurate time

      by secureplay ·

      In reply to Accurate time

      The most important thing for your logs is that they are internally consistent both within a computer and across multiple machines. Drift is not a major problem (and expected in most systems).

      If your environment has a very rigorous security requirement (not just a regular office), you can purchase an external clock device to provide a common, accurate clock that you can use across all of your computers.

      Also, the source of a lot of the drift is AC power cycle variations. Going to DC power will likely keep the clock more accurate… though your milage may vary based on the design of the devices.

Viewing 2 reply threads