Video Screencast Help

Network Threat Protection on Servers

Created: 23 Jul 2012 | 7 comments


I am having a disagrement with my Infratstructure team on having NTP turned on a standard Server.

I have the following configuration.

1. Workstations & Laptops have AV/PTP/NTP turned.

2. Servers both Citrix/Terminal Servers and DMZ based with both AV & NTP

3. I will say 80% of our other Servers also have AV and NTP turned on, no FW policy.

I believe that if any server has access to the internet be it, IE, FF or any other Browser that NTP should be installed and turned on. I am asking for an opinion?


Comments 7 CommentsJump to latest comment

pete_4u2002's picture

yes, NTP should be installed on the servers . However note the firewall rules should not block legit traffic.

check this link

Best Practices for Installing SEP on Windows Servers

usacc23's picture

Thanks, on Servers I have withdrawn the FW Policy since we are behind the FW here. I believe NTP is sufficient for us. Now if I could only get our Infrastruce team would agree.

Ian_C.'s picture

Thank fully, I've finally managed to convince our team to get NTP installed after long discussions. Now, whenever there is a problem with the server, it's the first component to be uninstalled "for troubleshooting purposes".

I have seen no additional overhead for having it installed. NTP with network teaming can be a pain though. We've also had Exchange servers block Outlook clients because of excessive downloading of the address book.

Your team needs to understand that NTP is beneficial. Because it is heuristics based, it detects malicious intent of the network traffic instead of AV relying on signatures. That means you have better protection against zero day exploits. Is that not enough reason to implement it?

Please mark the post that best solves your problem as the answer to this thread.
usacc23's picture


From your mouth to Gods ears. I appreciate your input on this. I keep banging heads, someday they will get it.

Thanks again.

Dushan Gomez's picture

So for the SEP v12.1 is this behaviour has been corrected or not yet ?

because I'm about to deploy it company wide in my test server first and then to my production servers.

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

usacc23's picture


All I can tell you on this, is that SEP 12.1 is much more powerful than 11. I also much stabler. I have a POC(Proof of Concept) right now, and have aboug 25 Clients on the system

It is working well, I would suggest to try only a few clients first and see how that goes.

My 2 Cents Right or Wrong.

Dushan Gomez's picture

Thanks for the advice usacc23, I'm in the middle of upgrade process to SEP 12.1 now :-)

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP