https://threatpost.com/novel-ntp-attacks-roll-back-time/115138/
Summary: NTP attack can invalidate an entire enterprise's crypto. All of it.
:shock: :kramer:
Quote from: deanwebb on October 22, 2015, 01:34:47 PM
https://threatpost.com/novel-ntp-attacks-roll-back-time/115138/
Summary: NTP attack can invalidate an entire enterprise's crypto. All of it.
Haha... that's like... "Yeah... f#@k your crypto... how you like them apples?"
Wow!
The hilarious thing is that when you think about it, the 'flaw' was there all along in the design, i.e. reliance on time for PKI and a whole bunch of other security-related protocols. It's just that nobody made a big deal about this until now. I read somewhere that exploiting NTP has been going on for quite some time.
Thing is, most NTP is handled as an afterthought on a server or router. If it's a dedicated device, it's not a hardened one.
We rolled (4) Microsemi (formerly Symmetricom) S300 SyncServers this year internally with GPS. I was very surprised to see they support TACACS/RADIUS, NTP MD5 Auth, SSL, and ACL rules to the admin interface. We are in the process of converting everything in the company over to these from AIX virtual servers that use various Internet NTP servers. NTP was always an afterthought here until we started rolling Oracle RAC with multiple systems replicating and the clock drift was causing database entry problems. Now we are just using LANCOPE StealthWatch to catch the ones with hardcoded NTP servers in their configurations.
Cool application of the Netflow monitor. I like that angle.
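The flow-monitoring check described in the post above, as an added example that is not part of the original thread and not StealthWatch's own logic or export format. The CSV layout, the approved server addresses and the internal range are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (constructed): internal NTP appliances and the internal range.
APPROVED_NTP = {ip_address("10.0.0.11"), ip_address("10.0.0.12")}
INTERNAL_NET = ip_network("10.0.0.0/8")

# Constructed flow export: src, dst, IP protocol number, destination port, packets.
SAMPLE_FLOWS = """src,dst,proto,dport,packets
10.1.4.20,10.0.0.11,17,123,12
10.0.0.11,10.1.4.20,17,123,12
10.1.4.21,192.0.2.123,17,123,8
192.0.2.123,10.1.4.21,17,123,8
10.1.7.5,198.51.100.7,17,123,4
10.1.7.5,10.0.0.12,17,123,9
10.1.4.21,192.0.2.123,17,123,6
10.1.9.9,203.0.113.50,6,443,40
10.1.4.20,10.0.0.11,17,53,3
"""

def unapproved_ntp_clients(flow_csv, approved=APPROVED_NTP, internal=INTERNAL_NET):
    """Return {client: {server: packets}} for NTP flows to unapproved servers."""
    hits = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # NTP is UDP (protocol 17) to destination port 123.
        if int(row["proto"]) != 17 or int(row["dport"]) != 123:
            continue
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        # Replies can also carry dport 123 when the client uses source port 123,
        # so ignore flows that start at an approved server or outside our range.
        if src in approved or src not in internal:
            continue
        if dst in approved:
            continue
        hits[str(src)][str(dst)] += int(row["packets"])
    return {src: dict(servers) for src, servers in hits.items()}

if __name__ == "__main__":
    for client, servers in sorted(unapproved_ntp_clients(SAMPLE_FLOWS).items()):
        for server, packets in sorted(servers.items()):
            print(f"{client} -> {server} udp/123 packets={packets}")
```

Each reported client still has an NTP server configured that is not one of the internal appliances and is a candidate for a configuration fix.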
Quote from: mmcgurty on October 26, 2015, 08:21:53 AM
We rolled (4) Microsemi (formerly Symmetricom) S300 SyncServers this year internally with GPS. I was very surprised to see they support TACACS/RADIUS, NTP MD5 Auth, SSL, and ACL rules to the admin interface. We are in the process of converting everything in the company over to these from AIX virtual servers that use various Internet NTP servers. NTP was always an afterthought here until we started rolling Oracle RAC with multiple systems replicating and the clock drift was causing database entry problems. Now we are just using LANCOPE StealthWatch to catch the ones with hardcoded NTP servers in their configurations.
Sounds pretty cool, how much do those go for?
Quote from: SimonV on October 26, 2015, 01:59:12 PM
Quote from: mmcgurty on October 26, 2015, 08:21:53 AM
We rolled (4) Microsemi (formerly Symmetricom) S300 SyncServers this year internally with GPS. I was very surprised to see they support TACACS/RADIUS, NTP MD5 Auth, SSL, and ACL rules to the admin interface. We are in the process of converting everything in the company over to these from AIX virtual servers that use various Internet NTP servers. NTP was always an afterthought here until we started rolling Oracle RAC with multiple systems replicating and the clock drift was causing database entry problems. Now we are just using LANCOPE StealthWatch to catch the ones with hardcoded NTP servers in their configurations.
Sounds pretty cool, how much do those go for?
$5500/ea not including the GPS amplifiers, lightning arrestors, and 3yr maintenance.
Quote from: mmcgurty on October 27, 2015, 07:24:12 AM
$5500/ea not including the GPS amplifiers, lightning arrestors, and 3yr maintenance.
My response: http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html
Quote from: Reggle on October 28, 2015, 05:06:58 PM
Quote from: mmcgurty on October 27, 2015, 07:24:12 AM
$5500/ea not including the GPS amplifiers, lightning arrestors, and 3yr maintenance.
My response: http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html
I like the solution but it is not an enterprise solution with a maintenance contract to back it and tech support to contact when it doesn't work.
True that of course :-)
Quote from: Reggle on October 28, 2015, 05:06:58 PM
Quote from: mmcgurty on October 27, 2015, 07:24:12 AM
$5500/ea not including the GPS amplifiers, lightning arrestors, and 3yr maintenance.
My response: http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html
Thanks for the post, I think I am going to get one of these for my house just to play with.