RECENT POSTS
- Introduction to FreeBSD Security Best Practices
- Working with Package Management in FreeBSD
- Understanding FreeBSD Security Advisories and Updates
- Troubleshooting Common System Administration Issues in FreeBSD
- Tips for Hardening FreeBSD to achieve System Protection
- Setting Up DHCP Server in FreeBSD
- Secure User and Group Management in FreeBSD Systems
- Secure Remote Access with SSH in FreeBSD
- Optimizing System Performance in FreeBSD
- Network Packet Capture with tcpdump in FreeBSD
- All posts ...
Do you have GDPR compliance issues ?
Check out Legiscope a GDPR compliance software, that will save you weeks of work, automating your documentation, the training of your teams and all processes you need to keep your organisation compliant with privacy regulations
Ntpsec
Jul 20, 2023
Network Time Protocol suite, refactored
A reimplementation of the NTP protocol daemon and tools in a secure way.
A major new feature is that it implements IETF’s Network Time Security standard for strong cryptographic authentication of time service.
Security improvements
- Network Time Security is implemented.
- The deprecated ntpdc utility, long a chronic locus of security vulnerabilities, has been removed
- Autokey is not supported; that code has been removed, as it was chronically prone to security vulnerabilities.
- Peer mode has been removed. The keyword peer in ntp.conf is now just an alias for keyword server.
- Broadcast- and multicast modes, which are impossible to secure, have been removed.
- The authentication requirement for remote configuration commands e.g., via ntpq can no longer be disabled.
- The deprecated and vulnerability-prone ntpdate program has been replaced with a shell wrapper around ntpdig.
Checkout these related ports:
- Zyre - Framework for proximity-based peer-to-peer applications
- Zsync - File transfer program
- Zmap - Internet scanner
- Zillion - Distributed computing project
- Zerotier - Network virtualization everywhere
- Zebra-server - Z39.50/SR server software
- Yptransitd - Replacement for nss_ldap
- Yggdrasil - Experimental end-to-end encrypted self-arranging IPv6 network
- Yconalyzer - TCP Traffic Analyzer
- Yazproxy - Powerful general purpose Z39.50/SRW/SRU proxy
- Yaz - Z39.50/SR client and API library
- Yaz++ - C++ toolkit for development of Z39.50v3 clients and servers
- Yate - Yet Another Telephony Engine
- Yaph - Yet Another Proxy Hunter (proxy scanner)
- Yami4 - Messaging library for distributed systems