Endpoint Protection

 View Only

  • 1.  To NTP or Not NTP on Servers

    Posted Aug 16, 2010 07:23 AM
    Hello all. I would like this cleared up. Some say do NOT install NTP on Windows servers and some say do. They also say that IPS should be installed on servers. You cannot install IPS without NTP so I see a lot of contradictory information on this. Please clear this up and say once and for all that NTP should or should not be installed on Windows Servers.

    Thanks


  • 2.  RE: To NTP or Not NTP on Servers

    Posted Aug 16, 2010 07:33 AM

    Its not advice to install NTP and PTP on severs
    PTP will not work on server os ; it will be OFF - its by design
    since you might have external firewall no one wil install NTP as its rules wil block the functionality of the servers; thats y its not installed;
    if you have tested the firewall rules before install; then you can install NTP with no issues.



  • 3.  RE: To NTP or Not NTP on Servers



  • 4.  RE: To NTP or Not NTP on Servers
    Best Answer

    Posted Aug 16, 2010 08:00 AM

    This is a kind of myth that needs to be cleared.

    NTP can  be installed and is supported on a server OS.

    IN the days when RTM was relased i am taking about 2007 then we used to say  this but now NTP can be installed on all SERVER OS 32 bit as well as 64 bit.

    The "Scan for trojans and worms" and the "Scan for keyloggers" options are currently not supported on Windows server operating systems or 64-bit Windows that is the reason the PTP will say off or waiting for updates. In simple words only A COMPONENT OF SEP is not supported on the server OS , it does not mean that entire PTP is not supported.



  • 5.  RE: To NTP or Not NTP on Servers

    Posted Aug 16, 2010 09:19 AM
    You can install NTP in a server,but before installing you have to test throughly in a test environment because NTP is having firewall component which can stop any type of traffic.So if you test in a test you can create all necessary rules for allowing the required traffic....


  • 6.  RE: To NTP or Not NTP on Servers



  • 7.  RE: To NTP or Not NTP on Servers

    Posted Aug 16, 2010 11:46 AM

    You can install NTP for Intrusion Prevention and withdraw the firewall policy to put the firewall side of NTP in 'pass-through' mode.  See the link that Aravind provided, Best practices regarding Intrusion Prevention System Technology.

    It was a common recommendation when SEP first came out to put AV/AS only on a server, but with the way the threat landscape has changed, all components are recommended.  Definitely test on a small group of client computers (including servers) before deploying that feature set to them. The document How to add or remove features to existing Symantec Endpoint Protection client installations will walk you through how to change the feature set.

    sandra