Secure NTP Proxy
The common industry practice where networks are partitioned into security zones using conventional firewalls creates a problem for NTP, requiring network administrators to choose between two equally unacceptable alternatives: prevent NTP traffic from passing through the firewall, effectively isolating the devices beyond from the primary time servers, or allow NTP traffic to pass through the firewall, accepting the associated security risks.
ZoneRanger resolves this dilemma, acting as an application-layer proxy firewall for NTP traffic, enabling network devices and servers to effectively reach back through the firewalls to the centralized time servers, while mitigating the associated security risks through careful inspection and filtering of all NTP traffic.
ZoneRanger’s NTP proxy service can be configured to operate in either of two modes:
- The ZoneRanger can obtain its time from a centralized NTP server, and can act as a secondary time server, responding autonomously to NTP requests from client devices.
- The ZoneRanger can act as straight NTP protocol proxy, inspecting NTP requests received from client devices, relaying valid requests onto a centralized timer server, and relaying server responses back to the requesting clients.
- HTTP / HTTPS
- NetFlow / sFlow
- TACACS+ / RADIUS
- Telnet / SSH