reliable network time protocol (NTP) servers to ensure accuracy and availability of

time information. Set all NTP messages with the same IP source address of an interface on the internal network. This configuration will allow the administrator to create a TCP/IP filter that allows time information only from the internal IP address of the router or the firewall to the external NTP servers. This filter will help to prevent spoofing or flooding NTP messages to the router or the firewall. Include a more specific timestamp in each log message and each debug message. This will allow an administrator to trace network attacks more credibly.

. By default, a log message contains the IP address of the interface it uses to leave the router or the firewall. Instead, set all log messages with the same IP source address of an interface on the internal network, regardless of which interface the messages use. This configuration will allow the administrator to create a TCP/IP filter that allows logs only from the internal IP address of the router or the firewall to the logging host. This filter will help to prevent spoofing or flooding log messages to the logging host. . Finally, consider also sending the logs to a dedicated printer to deal with worst-case scenarios, e.g., failure of the log host.
Next topic
Previous topic