Unsynchronised clocks are a network security hazard and, believe it or not, time discrepancies can lead to major breaches, causing untold disruption. What are the problems that can arise and how do you maintain time synchronisation? Find out here…
Accurate time is one of the most important aspects to keeping a computer network secure and safe. Places such as stock exchanges, banks and air traffic control rely on secure and accurate time. As computers rely on time as their only reference for when events happen, a slight error in a time code could lead to all sorts of errors, from millions being wiped off share prices to aeroplane flight paths being incorrect.
And time doesn’t just need to be accurate for these organizations, but secure too. A malicious user who interferes with a timestamp could cause all sorts of trouble, so ensuring time sources are both secure and accurate is vital.
Security is increasingly important for all sorts of organisations. With so much trade and communication conducted over the internet, using a source of accurate and secure time is as important a part of network security as anti-virus and firewall protection.
Despite the need for accuracy and security, many computer networks still rely on online time servers. Internet sources of time are not only unreliable, with inaccuracies commonplace, and distance and latency affecting the precision, but an Internet time server is also unsecure and able to be hijacked by malicious users.
But an accurate, reliable and completely secure source of time is available everywhere, 365 days a year—GPS.
While commonly thought of as a means of navigation, GPS actually provides an atomic clock time code, direct from the satellite signals. It is this time code that navigation systems use for calculating position but it is just as effective to provide a secure time stamp for a computer network.
Organizations that rely on accurate time for safety and security all use GPS, as it is a continuous signal that never goes down, is always accurate and can’t be interfered with by third parties.
To utilise GPS as a source of time, all that is required is a GPS time server. Using an antenna, the time server receives the GPS signal, while NTP (Network Time Protocol) distributes it around the network.
With a GPS time server, a computer network is able to maintain accuracy to within a few milliseconds of the atomic clock time signal, which is translated into UTC time (Coordinated Universal Time) thanks to NTP, ensuring the network is running the same accurate time as other networks also synchronised to a UTC time source.
The stock market has been in the news a lot lately. As global uncertainty about national debts rises, the markets are in flux, with prices changing incredibly quickly. On a trading floor, every second counts and precise time is essential for global buying and selling of commodities, bonds and shares.
The international stock exchanges such as the NASDAQ and London Stock Exchange all require accurate and precise time. With traders buying and selling shares for customers across the globe, a few seconds of inaccuracy could cost millions as share prices fluctuate.
NTP servers linked to atomic clock timing signals ensure that the stock exchange keeps an accurate and precise time. As computers across the globe all receive the stock prices, as and when they change, these too use NTP server systems to maintain time.
The global timescale UTC (Coordinated Universal Time) is used as the basis for atomic clock timing, so no matter where a trader is on the globe, the same timescale prevents confusion and errors when dealing with stocks and shares.
Because of the billions of pounds worth of stocks and shares that are bought and sold on trading floors every day, security is essential. NTP servers work externally to networks, getting their time from sources such as GPS (Global Positioning System) or radio signals put out by organisations like the National Physical Laboratory (NPL) or the National Institute for Standards and Time (NIST).
The stock exchanges can’t use an internet source of time because of the risk this could pose. Hackers and malicious users could tamper with the time source, leading to mayhem and costing millions, perhaps billions, if the wrong time was spread around the exchanges.
The precision of internet time is limited too. Latency over distance can create delays, which could lead to errors, and if the time source ever went down, the stock markets could hit trouble.
It is not only stock markets that need precise and accurate time; computer networks across the globe concerned about security use dedicated NTP servers like Galleon Systems’ NTS 6001. Providing accurate time from both GPS and radio signals from NPL and NIST, the NTS 6001 ensures accurate, precise and secure time every day of the year.
Computer hacking is a common subject in the news. Some of the biggest companies have fallen victim to hackers, and for a myriad of reasons. Protecting computer networks from invasion from malicious users is an expensive and sophisticated industry as hackers use many methods to invade a system.
Various forms of security exist to defend against unauthorised access to computer networks such as antivirus software and firewalls.
One area often overlooked, however, is where a computer network gets its source of time from, which can often be a vulnerable aspect of a network and a way in for hackers.
Most computer networks use NTP (Network Time Protocol) as a method of keeping synchronised. NTP is excellent at keeping computers at the same time, often to within a few milliseconds, but is dependent on a single source of time.
Because computer networks from different organisations need to communicate together, having the same source of time makes sense, which is the reason most computer networks synchronise to a source of UTC (Coordinated Universal Time).
UTC, the world’s global timescale, is kept true by atomic clocks and various methods of utilising UTC are available.
Quite often, computer networks use an internet time source to obtain UTC but this is often when they run into security issues.
Using internet time sources leaves a computer network open to several vulnerabilities. Firstly, to allow access to the internet time source, a port needs keeping open in the system firewall (UDP 123). As with any open port, unauthorised users could take advantage of this, using the open port as a way into the network.
Secondly, if the internet time source itself is tampered with, such as by BGP injection (Border Gateway Protocol), this could lead to all sorts of problems. If internet time servers were told it was a different time or date, major havoc could ensue, with data getting lost and systems crashing—a type of Y2K effect!
Finally, internet time servers can’t be authenticated by NTP and can also be inaccurate. They are vulnerable to latency and affected by distance, and errors can also occur; earlier this year some reputable time servers lost several minutes, leading to thousands of computer networks receiving the wrong time.
To ensure complete protection, dedicated and external time servers, such as Galleon’s NTS 6001 are the only secure method of receiving UTC. Using GPS (or a radio transmission) an external NTP time server can’t be manipulated by malicious users, is accurate to a few milliseconds, can’t drift and is not susceptible to timing errors.
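An added example, not part of the original post or of any vendor's product: a network that does poll several time sources can catch one that is several minutes wrong, or that admits it is unsynchronised, by parsing each 48-byte NTP reply, computing the clock offset and comparing it with the median. This goes beyond the single-source case described above; the `.example` server names, the 0.5-second threshold and the sample packets are constructed for illustration.

```python
import struct
from statistics import median

NTP_UNIX_DELTA = 2_208_988_800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def ntp_ts(unix_seconds):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    return struct.pack("!II", whole + NTP_UNIX_DELTA, int((unix_seconds - whole) * 2**32))

def make_reply(leap, stratum, server_time):
    """Build a constructed 48-byte server reply (version 4, mode 4) for the demo."""
    header = bytes([leap << 6 | 4 << 3 | 4, stratum]) + bytes(30)
    return header + ntp_ts(server_time) + ntp_ts(server_time)  # receive, transmit

def parse_reply(packet, t1, t4):
    """Return (stratum, leap, offset) given client send time t1 and receive time t4."""
    if len(packet) < 48 or (packet[0] & 0x7) != 4:
        raise ValueError("not an NTP server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!IIII", packet[32:48])
    t2 = rx_s - NTP_UNIX_DELTA + rx_f / 2**32
    t3 = tx_s - NTP_UNIX_DELTA + tx_f / 2**32
    return packet[1], packet[0] >> 6, ((t2 - t1) + (t3 - t4)) / 2

def vet_sources(replies, max_spread=0.5):
    """replies: {name: (packet, t1, t4)} -> (accepted offsets, rejected reasons)."""
    offsets, rejected = {}, {}
    for name, (packet, t1, t4) in replies.items():
        stratum, leap, offset = parse_reply(packet, t1, t4)
        if leap == 3 or not 1 <= stratum <= 15:
            rejected[name] = "server reports itself unsynchronised"
        else:
            offsets[name] = offset
    if len(offsets) < 3:
        raise RuntimeError("need at least three usable sources to out-vote one bad one")
    mid = median(offsets.values())
    for name in [n for n, off in offsets.items() if abs(off - mid) > max_spread]:
        rejected[name] = f"offset {offsets.pop(name):+.1f}s disagrees with the other sources"
    return offsets, rejected

# Constructed sample: two sane servers, one 300 s slow, one unsynchronised.
T1, T4 = 1_700_000_000.0, 1_700_000_000.04  # client send / receive times
SAMPLE = {
    "time-a.example": (make_reply(0, 1, T1 + 0.020), T1, T4),
    "time-b.example": (make_reply(0, 2, T1 + 0.030), T1, T4),
    "time-d.example": (make_reply(0, 2, T1 - 300.0), T1, T4),
    "time-e.example": (make_reply(3, 0, T1 + 0.020), T1, T4),
}
print(vet_sources(SAMPLE))
```

The same check applies to a dedicated GPS or radio time server: comparing it against at least two other references shows when any one of them has gone wrong.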
Security is an essential aspect for any computer network. With so much data now available online, giving ease of access to permitted users, it is important to prevent unauthorised access. Failure to secure a computer network can lead to all sorts of problems for a business, such as data theft, or the network crashing and preventing authorised users from working.
Most computer networks have a firewall, which controls access. A firewall is perhaps the first line of defence in preventing unauthorised access, as it can screen and filter traffic attempting to get on to the network.
All traffic attempting to gain access to the network has to pass through the firewall; however, not all unauthorised attempts to gain access to a network are from people. Malicious software is often used to gain access to data or disrupt a computer network, and often these programs can get past this first line of defence.
Different forms of malicious software can gain access to computer networks, and include:
- Computer Viruses and Worms
These can change or replicate existing files and programs. Computer viruses and worms often steal data and send it to unauthorised users.
- Trojans
Trojans appear as harmless software but contain viruses or other malicious software hidden in the program and are often downloaded by people thinking they are normal and benign programs.
- Spyware
Computer programs that spy on the network, reporting to unauthorised users. Often spyware can run undetected for a long time.
- Botnets
A botnet is a collection of computers taken over and used to perform malicious tasks. A computer network can fall victim to a botnet or unwillingly become part of one.
Computer networks are attacked in other ways too, such as bombarding the network with access requests. These targeted attacks, called denial-of-service attacks (DDoS attacks), can prevent normal use as the network slows down while it tries to deal with all attempts at access.
Protecting Against Threats
Besides the firewall, antivirus software forms the next line of defence against malicious programs. Designed to detect these types of threats, these programs remove or quarantine malicious software before they can do damage to the network.
Antivirus software is essential for any business network and needs regular updating to make sure the program is familiar with all the latest types of threats.
Another essential method for ensuring security is to establish accurate synchronisation of the network. Making sure all machines are running the exact same time will prevent malicious software and users from taking advantage of time lapses. Synchronising to an NTP server (Network Time Protocol) is a common method of ensuring synchronised time. While many NTP servers exist online, these are not very secure as malicious software can hijack the time signal and enter the computer firewall via the NTP port.
Furthermore, online NTP servers can also be attacked leading to the incorrect time being sent to computer networks that access the time from them. A more secure method of getting precise time is to use a dedicated NTP server that works externally to the computer network and receives the time from a GPS (Global Positioning System) source.
The media is full of stories of cyber terrorism, state sponsored cyber warfare and internet sabotage. While these stories may seem like they come from a science fiction plot, the reality is that with so much of the world now dependent on computers and the internet, cyber attacks are a real concern for governments and businesses alike.
Crippling a website, a government server or tampering with systems like air-traffic control can have catastrophic effects—so no wonder people are worried. Cyber attacks come in so many forms too. From computer viruses and trojans, that can infect a computer, disabling it or transferring data to malicious users; distributed denial of service attacks (DDoS) where networks become clogged up preventing normal use; to border gateway protocol (BGP) injections, which hijack server routines causing havoc.
As precise time is so important for many technologies, with synchronisation crucial in global communication, one vulnerability that can be exploited is the online time server.
By sabotaging an NTP server (Network Time Protocol) with BGP injections, servers that rely on them can be told it’s a completely different time than it is; this can cause chaos and result in a myriad of problems as computers rely solely on time to establish if an action has or hasn’t taken place.
Securing a time source, therefore, is essential for internet security and for this reason, dedicated NTP time servers that operate externally to the internet are crucial.
Receiving time from the GPS network, or radio transmissions from NIST (National Institute for Standards and Time) or the European physical laboratories, these NTP servers can’t be tampered with by external forces, and ensure that the network’s time will always be accurate.
All essential networks, from stock exchanges to air traffic controllers, utilise external NTP servers for these security reasons; however, despite the risks, many businesses still receive their time code from the internet, leaving them exposed to malicious users and cyber attacks.
Remember the turn of the millennium? Whilst many of us were counting down the seconds until midnight, there were network administrators across the globe with their fingers crossed, hoping their computer systems would still be working after the new millennium kicked in.
The millennium bug was the result of early computer pioneers designing systems with only two digits to represent the year, as computer memory was very scarce at the time. The problem didn’t arise because of the turn of the millennium; it arose because it was the end of the century and the two-digit year flicked around to 00 (which the machines assumed was 1900).
Fortunately by the turn of the millennium most computers were updated and enough precautions were taken that meant that the Y2K bug, as it became known, didn’t cause the widespread havoc it was first feared.
However, the Y2K bug is not the only time related problem that computer systems can be expected to face. Another problem with the way computers tell the time has been realised, and many more machines will be affected in 2038.
The Unix Millennium Bug (or Y2K38) is similar to the original bug in that it is a problem connected with the way computers tell the time. The 2038 problem will occur because most machines use a 32-bit integer to calculate the time. This 32-bit number counts the seconds since 1 January 1970, but because the number is limited to 32 bits, by 2038 there will be no more bits left to deal with the advance of time.
To solve this problem, many systems and languages have switched to a 64-bit version, or supplied alternatives which are 64-bit and as the problem will not occur for nearly three decades there is plenty of time to ensure all computer systems can be protected.
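An added example, not from the original post: an audit that stores dates the way a signed 32-bit seconds counter would and reports which ones are read back as a different date, which is how an expiry check on an affected system would see them. The record labels and dates are constructed for illustration.

```python
import ctypes
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EPOCH = datetime(1970, 1, 1, tzinfo=UTC)

def as_time32(moment):
    """Seconds since 1 January 1970 as a signed 32-bit field would hold them."""
    seconds = int((moment - EPOCH).total_seconds())
    return ctypes.c_int32(seconds).value  # silently wraps, like a 32-bit time_t

def from_time32(value):
    """The date that 32-bit code would read back from the stored value."""
    return EPOCH + timedelta(seconds=value)

def audit(records):
    """records: {label: aware datetime} -> {label: misread date} for values that overflow."""
    misread = {}
    for label, moment in records.items():
        read_back = from_time32(as_time32(moment))
        if read_back != moment:
            misread[label] = read_back
    return misread

# Constructed sample: expiry dates a 32-bit system might have to store.
SAMPLE = {
    "session-token": datetime(2030, 6, 1, tzinfo=UTC),
    "last-good-second": datetime(2038, 1, 19, 3, 14, 7, tzinfo=UTC),
    "first-bad-second": datetime(2038, 1, 19, 3, 14, 8, tzinfo=UTC),
    "root-ca-not-after": datetime(2045, 1, 1, tzinfo=UTC),
}

for label, wrong in audit(SAMPLE).items():
    print(f"{label}: read back as {wrong.isoformat()}")
```

A certificate or licence whose expiry is read back as a date in the early 1900s is treated as long expired, so the failure shows up as soon as such a date is stored, not only when the clock itself reaches 2038.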
However, these problems with timestamps are not the only time related errors that can occur on a computer network. One of the most common causes of computer network errors is lack of time synchronization. Failing to ensure each machine is running at an identical time using an NTP time server can result in data being lost, can leave the network vulnerable to attack from malicious users and can cause all sorts of errors, such as emails arriving before they have been sent.
To ensure your computer network is adequately synchronized, an external NTP time server is recommended.