General discussion

Locked

Accurate time

By David.Cullison ·
We've recently installed a new firewall on our network and configured it to sync time with two different internet NTP sources. The firewall's clock drifts up to one second when pulling time every 30 minutes. The vendor says this drift is normal, but that doesn't sound right to me. How accurate does the law say time has to be if we ever tried to prosecute a hacker?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by master3bs In reply to Accurate time

I could not find a specific answer. However, I can't believe that being off by only a second during the time pull would make a difference in prosecution.

While possible unrelated; I did find this pdf document with good information on blocking rules and logging; with a snippit of information about rules for prosecution.
http://ezine.daemonnews.org/200407/daemonnews200407.pdf

Collapse -

by hozcanhan In reply to Accurate time

boss , why don't you decrease the sync period . That is make the sync more frequently . You know where to reconfigure that ?

Collapse -

by secureplay In reply to Accurate time

The most important thing for your logs is that they are internally consistent both within a computer and across multiple machines. Drift is not a major problem (and expected in most systems).

If your environment has a very rigorous security requirement (not just a regular office), you can purchase an external clock device to provide a common, accurate clock that you can use across all of your computers.

Also, the source of a lot of the drift is AC power cycle variations. Going to DC power will likely keep the clock more accurate... though your milage may vary based on the design of the devices.

Back to Security Forum
3 total posts (Page 1 of 1)  

Related Forums