Thursday, November 6, 2014

It Has Been a Long Couple of Weeks

Aaaand... I can't talk about the vast majority of it. Bummer, but also par for the course. So here are a couple of remarks about network time. Which seems to be something people take a bit too much for granted.
  • I can mount a coherent argument that verifiable, accurate timekeeping is the most valuable service that modern networked systems provide, save authentication and authorization services. 
  • It is likely that many (possibly a majority) of the designers and administrators of the systems that provide accurate network time do not understand common problems with ntpd WRT what they are actually trying to achieve, or evaluating the implications of moving to, say, chrony.
Just saying that for something as fundamental as I regard network timekeeping to be, sane behavior does not involve blind trust. It involves homework. The effort you can expend is of course directly proportional to how you weigh the criticality of network time. This obviously goes to the roots of estimating risk.

If you are confident that you have a good grip on this, and have considered it WRT to say, forensics and recoverability, fine. What I am worried about is that security professionals so often get trapped in a security trade-press news (are we safe from <recent news> questions) cycle. News, for at least a year now, has been worse than usual. That does not mean we can slack off on the fundamentals.

No comments:

Post a Comment

Comments on posts older than 60 days go into a moderation queue. It keeps out a lot of blog spam.

I really want to be quick about approving real comments in the moderation queue. When I think I won't manage that, I will turn moderation off, and sweep up the mess as soon as possible.

If you find comments that look like blog spam, they likely are. As always, be careful of what you click on. I may have had moderation off, and not yet swept up the mess.