DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 30th March 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default ntpd when improperly set ..

Hi !
let say that my clock is damaged and never keeps time .. or that I mischose time zone during installation or unset date or simply diabling ntp ..
my question is :
Does this have any impact on my system's security and/or reliability whether at the client or server level ?

Thanks very much.
Reply With Quote
  #2   (View Single Post)  
Old 30th March 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Does this have any impact on my system's security and/or reliability whether at the client or server level ?
Setting the time-of-day incorrectly means to have the wrong timezone setting or being off by some minutes or hours. This can certainly confuse anyone reading logs that use timestamps -- especially when comparing logs from one machine, with another machine when conducting root cause analysis. When recovering data in filesystems by timestamp, this could introduce integrity problems -- using the wrong backup for recovery, as an example.

The only security issue I could think of with an incorrect timestamp are when security systems use timestamps as part of the operational schema. Kerberos tickets used for authentication and authorization are timestamped and require participating systems to keep clocks in sync within specific tolerances.

If a time-of-day clock is malfunctioning, this means that all timestamps are untrustworthy -- this means that timestamps in logs, file metadata, authentication and authorization systems will be adversely affected.

If a system clock (time-of-day, msec or sec counter) is malfuctioning it might possibley weaking an encryption schema that uses clocks for key management. Weakened semantic security will occur if multi-use keys are not replaced within appropriate traffic windows. I don't know if any implementations use clocks rather than message counters...but the possibility exists..
Reply With Quote
  #3   (View Single Post)  
Old 30th March 2012
bmk1st bmk1st is offline
Port Guard
 
Join Date: May 2008
Posts: 25
Default

Cron jobs would be affected. You would not want them to run at improper time, such as backing up data at wrong time or running some scripts which affect performance of computers and impact users during a work day.
Reply With Quote
  #4   (View Single Post)  
Old 30th March 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by bmk1st View Post
Cron jobs would be affected.
Taking jggimi's & bmk1st's comments one step further, systems with incorrect time is one thing, but if the clock is erratic to the point of skipping, this could adversely cause maintenance cron(8) scripts to not run (since their scheduled time was missed...) at all.
Reply With Quote
  #5   (View Single Post)  
Old 30th March 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default

Jgimmi , bmk1st, Ocicat :
thank you so much !!!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FreeBSD Three FreeBSD security anouncements (Bind, ntpd and ZFS) J65nko News 0 6th January 2010 11:30 PM
Starting ntpd in cron for machines not always connected to the Net J65nko Guides 1 28th November 2009 03:49 AM
Local NTPd Server "bad peer" plexter OpenBSD General 24 9th September 2009 04:48 PM
ntpd strata too high error map7 FreeBSD General 0 17th June 2008 11:20 PM


All times are GMT. The time now is 10:28 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick