Archive for the ‘NTP configuration’ Category

Why Bother Using a NTP Time Server?

Tuesday, November 10th, 2009

Keeping computers synchronized on a network is vitally important, especially if the network in question deals with time-sensitive transactions. Failing to keep a network synchronized can cause havoc, leading to errors, vulnerabilities and endless problems with debugging.

However, with the number of online time servers available from reputable places such as NIST or Microsoft, it is often asked why computer networks need to be synchronised to an external NTP time server.

These dedicated NTP devices are often seen as an unnecessary expense and many network administrators simply forgo them and connect to an online time server. After all, it does the same job, doesn’t it?

Actually there are two major reasons why NTP time servers are not only important but essential for most computer networks and to overlook them could be costly in many ways.

Let me explain. The first reason why an external NTP server is important is accuracy. It’s not that internet time sources are generally inaccurate (although many are) but there is the question of the distance the time reference has to travel. Furthermore, in times when the connection is lost – whether because of a local connection fault or because the time server itself goes down – the network will start to drift until the connection is restored.

Secondly, and perhaps most important, are the security issues involved in using an Internet time source. The main problem is that if your connection to a time server is through the Internet, then a port (UDP 123 for NTP requests) has to be left open, and as with any open port, it can be used as a gateway for malicious software and users.

The reason dedicated NTP time servers are essential for computer networks is that they work completely independently and external to the network’s firewall. Instead of accessing a time source across the Internet they use either GPS or radio transmissions to get the time. And in doing so they can provide accurate time all the time without fear of losing a connection or allowing a nasty Trojan through the firewall.

Time Synchronization on Windows 7

Wednesday, November 4th, 2009

Windows 7, the latest operating system from Microsoft, is also their first operating system that automatically synchronizes the PC clock to an internet source of UTC time (Coordinated Universal Time). From the moment a Windows 7 computer is switched on and is connected to the Internet it will request time signals from the Microsoft time service – time.windows.com.

While for many home users this will save them the hassle of setting and correcting their clock as it drifts, for business users it may be problematic. Internet time sources are not secure, and receiving a time source through the UDP port on the firewall could lead to security breaches. As Internet time sources can’t be authenticated by NTP (Network Time Protocol), the signals can be hijacked by malicious users.

This internet time source can be deactivated by opening the clock and date dialogue box, opening the Internet Time tab, clicking the ‘Change’ setting button and unchecking the ‘Synchronize with an Internet time server’ option.

Whilst this will ensure no unwanted traffic comes through your firewall, it will also mean that the Windows 7 machine will not be synchronised to UTC and its timekeeping will be reliant on the motherboard clock, which will eventually drift.

To synchronize a network of Windows 7 machines to an accurate and secure source of UTC, the most practical and simplest solution is to plug in a dedicated NTP time server. These connect directly to a router or switch and enable the safe receiving of an atomic clock time source.

NTP time servers use the highly accurate and secure GPS signal (Global Positioning System) available everywhere on the planet or more localized long wave radio signals transmitted by several national physics laboratories such as NIST and NPL.

Configuring a Dedicated NTP Time Server on Windows 7

Saturday, October 31st, 2009

Windows 7 is the very latest operating system from Microsoft. Replacing the rather disappointing Windows Vista, Windows 7 promises to correct the flaws that made its predecessor so unpopular.

One of the changes Windows 7 makes is that it automatically synchronizes the time using the Windows Time service located at time.windows.com. Whilst this is an accurate stratum 2 time server, managed by Microsoft, it can be changed for another source of Internet time. However, even Microsoft recommend that Internet time sources should not be used for computer networks as they can’t be authenticated by the time protocol NTP (Network Time Protocol). Furthermore, an internet time source needs a port left open in the firewall for the time signals to make it through. Any open port in a firewall can be used by a malicious user to gain access to the network.

For a secure, authenticated and accurate method of synchronizing a Windows 7 network, it is wise to use a dedicated network time server. Most of these time servers use the protocol NTP (Network Time Protocol), which can easily distribute the time from a single time server throughout a network of hundreds and even thousands of machines.

Time servers plug directly into the router/switch for the network or can be installed on a single machine. Rather than rely on the Internet for a source of time and risk leaving the firewall’s UDP port open, dedicated NTP time servers use either the GPS signals or long wave radio broadcasts transmitted from national physics laboratories such as the MSF signal broadcast by the UK’s NPL and the USA WWVB signal broadcast by NIST.

As these signals are external to the firewall and are able to be authenticated by NTP to establish the authority of the signals, they are a more accurate and secure method of synchronizing a Windows 7 network.

Keeping Your Network Secure: A Beginner’s Guide

Wednesday, September 30th, 2009

Network security is vitally important for most business systems. Whilst email viruses and denial-of-service attacks (DoS attacks) may cause us headaches on our home systems, for businesses, these sorts of attacks can cripple a network for days – costing businesses hundreds of millions each year in lost revenue.

Keeping a network secure to prevent this type of malicious attack is usually of paramount importance for network administrators, and while most invest heavily in some forms of security measures there are often vulnerabilities inadvertently left exposed.

Firewalls are the best place to begin when you are trying to develop a secure network. A firewall can be implemented in either hardware or software, or most commonly a combination of both. Firewalls are used to prevent unauthorized users from accessing private networks connected to the Internet, especially local intranets. All traffic entering or leaving the intranet passes through the firewall, which examines each message and blocks those that do not meet the specified criteria.

Anti-virus software works in two ways. Firstly, it acts similarly to a firewall by blocking anything that is identified in its database as possibly malicious (viruses, Trojans, spyware etc). Secondly, anti-virus software is used to detect and remove existing malware on a network or workstation.

One of the most overlooked aspects of network security is time synchronization. Network administrators often fail to realise the importance of synchronization between all devices on a network. Failing to synchronize a network is often a common security issue. Not only can malicious users take advantage of computers running at different times, but if a network is struck by an attack, identifying and rectifying the problem can be near impossible if every device is running on a different time.

Even when a network administrator is aware of the importance of time synchronization they often make a common security mistake when attempting to synchronize their network. Instead of investing in a dedicated time server that receives a secure source of UTC (Coordinated Universal Time) externally from their network using atomic clock sources like GPS, some network administrators opt to use a shortcut and use a source of Internet time.

There are two major security issues in using the Internet as a time server. Firstly, to allow the time code through the network a UDP port (123) has to be left open in the firewall. This can be taken advantage of by malicious users who can use this open port as an entrance to the network. Secondly, the inbuilt security measure used by the time protocol NTP, known as authentication, doesn’t work across the Internet which means that NTP has no guarantee the time signal is coming from where it is supposed to.

To ensure your network is secure isn’t it time you invested in an external dedicated NTP time server?

Configuring a Network to use a NTP Server Part two: Distributing the Time

Thursday, September 3rd, 2009

NTP (Network Time Protocol) is the protocol designed for time distribution amongst a network. NTP is hierarchical. It organises a network into strata, which represent the distance between a clock source and the device.

A dedicated NTP server that receives the time from a UTC source such as GPS or the national time and frequency signals is regarded as a stratum 1 device. Any device that is connected to a NTP server becomes a stratum 2 device and devices farther down the chain become stratum 2, 3 and so on.

Stratum layers exist to prevent cyclical dependencies in the hierarchy. But the stratum level is not an indication of quality or reliability.

NTP checks the time on all devices on the network and then adjusts the time according to how much drift it discovers. Yet NTP goes further than just checking the time on the reference clock: the NTP program exchanges time information by packets (blocks of data) but refuses to believe the time it is told until several exchanges have taken place, each passing a set of tests known as protocol specifications. It often takes about five good samples until a NTP server is accepted as a timing source.

NTP uses timestamps to represent the current time of day. As time is linear, each timestamp is always greater than the previous one. NTP timestamps come in two formats, but both relay the seconds from a set point in time (known as the prime epoch, set at 00:00 1 January 1900 for UTC). The NTP algorithm then uses this timestamp to determine the amount to advance or retreat the system or network clock.

NTP analyses the timestamp values including the frequency of errors and the stability. A NTP server will maintain an estimate of the quality of both its reference clocks and itself.
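The timestamp format and packet exchange described in this post, as an added Python example (not code from the original article or from any NTP implementation): it decodes the 64-bit NTP timestamp counted from the 1900 prime epoch and works out how far to advance or retreat the clock from one exchange. The sample exchanges are constructed, and `best_sample` is a simplified stand-in for NTP's real sample filtering.

```python
import struct

NTP_UNIX_DELTA = 2_208_988_800   # seconds from 1900-01-01 (NTP prime epoch) to 1970-01-01
ERA_SECONDS = 2 ** 32            # the 32-bit seconds field wraps every ~136 years (next: 2036)


def ntp_to_unix(raw: bytes, pivot_unix: float) -> float:
    """Decode the 64-bit NTP timestamp format: 32-bit seconds + 32-bit binary fraction.

    The wire format carries no era number, so the era is chosen to place the
    result within 68 years of pivot_unix (normally the receiver's own clock).
    """
    seconds, fraction = struct.unpack("!II", raw)
    unix = seconds - NTP_UNIX_DELTA + fraction / 2 ** 32
    era = round((pivot_unix - unix) / ERA_SECONDS)
    return unix + era * ERA_SECONDS


def unix_to_ntp(unix: float) -> bytes:
    """Encode Unix seconds as a 64-bit NTP timestamp (the era is dropped)."""
    total = unix + NTP_UNIX_DELTA
    whole = int(total // 1)
    return struct.pack("!II", whole % ERA_SECONDS, int((total - whole) * 2 ** 32))


def offset_and_delay(t1: float, t2: float, t3: float, t4: float):
    """One exchange: t1 client send, t2 server receive, t3 server send, t4 client receive.

    offset is how far the client clock must be advanced (+) or retreated (-);
    delay is the round trip minus the server's processing time.
    """
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def best_sample(exchanges):
    """Simplified sample filter: trust the exchange with the smallest round-trip
    delay, because the error in its offset is bounded by delay / 2."""
    return min((offset_and_delay(*e) for e in exchanges), key=lambda s: s[1])


# Constructed exchanges: the client clock runs 2.0 s behind the server.
# The second one has a congested return path (asymmetric delay), skewing its offset.
EXCHANGES = [
    (100.00, 102.05, 102.06, 100.11),
    (164.00, 166.05, 166.06, 164.51),
    (228.00, 230.04, 230.05, 228.09),
]

if __name__ == "__main__":
    for exchange in EXCHANGES:
        print("offset=%.3f delay=%.3f" % offset_and_delay(*exchange))
    print("chosen offset=%.3f delay=%.3f" % best_sample(EXCHANGES))
```

The congested exchange reports an offset of 1.8 s instead of 2.0 s, which is why a client waits for several samples before trusting a source.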

Configuring a Network to use a NTP Server Part one: Finding a Time Source

Tuesday, September 1st, 2009

Keeping your network synchronized with the correct time is crucial for modern networking. Because of the value of timestamps in communicating globally and across multi-networks, it is imperative that every machine is running a source of UTC (Coordinated Universal Time).

UTC was developed to allow the entire global community to use the same time no matter where they are on the globe as UTC doesn’t use time-zones so it allows accurate communication regardless of location.

However, finding a source of UTC is often where some network administrators fall down when they are attempting to synchronize a network. There are many areas that a source of UTC can be received from but very few that will provide both accurate and secure reference to the time.

The internet is full of purported sources of UTC; however, many of them offer nowhere near their claimed accuracy. Furthermore, resorting to the internet can lead to security vulnerabilities.

Internet time sources are external to the firewall and therefore a hole has to be left open which can be taken advantage of by malicious users. Furthermore, NTP, the protocol used to distribute and receive time sources, cannot instigate its authentication security measure across the internet so it is not possible to ensure the time is coming from where it is supposed to.

External sources of UTC time are far more secure. There are two methods used by most administrators: long wave radio signals as broadcast by national physics laboratories, and the GPS signal, which is available everywhere on the globe.

The external sources of UTC ensure your NTP network is receiving not just an accurate source of UTC but also a secure one.

Using a NTP Server in your Network

Monday, July 20th, 2009

The Network Time Protocol server is used in computer networks all over the world. It keeps an entire network’s systems and devices synchronised to the same time, normally a source of UTC (Coordinated Universal Time).

But is a NTP time server a necessary requirement and can your computer network survive without one? The short answer is perhaps yes, a computer network can survive without a NTP server but the consequences can be dramatic.

Computers are meant to make our lives easier but any network administrator will tell you they can cause an awful amount of difficulty when they inevitably go wrong, and without adequate time synchronisation, identifying an error and putting it right can be nearly impossible.

Computers use the time in the form of a timestamp as the only reference they have to distinguish between two events. Whilst computers and networks will still function without adequate synchronisation they are extremely vulnerable. Not only is locating and correcting errors extremely difficult if machines are not synchronised, but the network will also be vulnerable to malicious users and viral software that can take advantage of it.

Furthermore, failing to synchronise to UTC can cause problems if the network is to communicate with other networks that are synchronised. Any time sensitive transactions could fail and the system could be open to potential fraud or other legal implications as proving the time of a transaction could be near impossible.

NTP servers are easy to install and receive the UTC time signal from either long wave transmissions or the GPS satellite network which they then distribute amongst the network’s machines. As a dedicated NTP time server operates externally to the network firewall it does so without compromising security.

Dealing With Time: Computers, Synchronisation and Timestamps

Tuesday, June 30th, 2009

Time is important for the smooth running of our day to day lives. Everything we do is either governed by or restrained because of time. Yet time is even more essential for computer systems as it is the only point of reference a computer has to distinguish between events and processes.

Everything a computer does is logged by the processor with what process was done and exactly when it was carried out. As computers can process hundreds if not thousands of transactions a second, the time stamp is vital for establishing the order of events.

Computers do not read and use the time in the same format that we do. A computer timestamp takes the form of a single number that counts the number of seconds from a set point in time. In most systems this is known as the ‘prime epoch’ and is set from 00:00:00 UTC on January 1, 1970. So for the date 23 June 2009 the timestamp would read 1246277483, as this is the number of seconds from the prime epoch.

Computer timestamps are sent across networks and the internet; for instance, every time an email is sent it is accompanied by a timestamp. When the email is replied to, this too comes with a timestamp. Yet, when neither computer is synchronized the replied email could arrive back with an earlier code, and this can cause untold confusion for a computer as according to its logs the email will have arrived back before the original was sent.

For this reason computer networks are synchronized to the global timescale UTC (Coordinated Universal Time). UTC is kept true by a constellation of atomic clocks, which means that any computer network synchronised to a UTC source will be highly accurate.

Time synchronization on computers is dealt with by the protocol NTP (Network Time Protocol). Special dedicated NTP servers are available that receive a secure time code from either the GPS network or from specialist radio transmissions broadcast by national physical laboratories and then synchronize entire networks to the single time source.
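The email scenario above, as an added Python example (not from the original article): given merged logs from two unsynchronized mail hosts, it flags messages logged as received before they were sent and bounds the clock difference between the hosts so the events can be put back in order. The host names, message IDs and log format are constructed.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts host kind msgid")

# Constructed, already merged logs: "<epoch seconds> <host> <event> <message-id>".
# mail-b's clock runs 15 s behind mail-a's; neither log shows that directly.
MERGED_LOG = """\
1246277483 mail-a sent m1
1246277471 mail-b received m1
1246277475 mail-b sent m2
1246277492 mail-a received m2
"""


def parse(text):
    events = []
    for line in text.splitlines():
        ts, host, kind, msgid = line.split()
        events.append(Event(int(ts), host, kind, msgid))
    return events


def pair_up(events):
    """Yield (sent_event, received_event) for every message seen on both hosts."""
    sent = {e.msgid: e for e in events if e.kind == "sent"}
    for e in events:
        if e.kind == "received" and e.msgid in sent:
            yield sent[e.msgid], e


def causality_violations(events):
    """Messages logged as received before they were sent: proof the clocks disagree."""
    return [(s.msgid, r.ts - s.ts) for s, r in pair_up(events) if r.ts < s.ts]


def skew_interval(events, host_a, host_b):
    """Bound (clock_b - clock_a) using the fact that transit time is never negative.

    a -> b message: recv_b - sent_a = skew + transit, so skew <= recv_b - sent_a.
    b -> a message: recv_a - sent_b = -skew + transit, so skew >= sent_b - recv_a.
    """
    low, high = float("-inf"), float("inf")
    for s, r in pair_up(events):
        if (s.host, r.host) == (host_a, host_b):
            high = min(high, r.ts - s.ts)
        elif (s.host, r.host) == (host_b, host_a):
            low = max(low, s.ts - r.ts)
    return low, high


def corrected_order(events, host_b, skew):
    """Re-sort the merged log after removing the estimated skew from host_b's timestamps."""
    fixed = [e._replace(ts=e.ts - skew) if e.host == host_b else e for e in events]
    return [(e.host, e.kind, e.msgid) for e in sorted(fixed, key=lambda e: e.ts)]


if __name__ == "__main__":
    events = parse(MERGED_LOG)
    print("violations:", causality_violations(events))
    low, high = skew_interval(events, "mail-a", "mail-b")
    print("mail-b minus mail-a lies in", (low, high))
    print(corrected_order(events, "mail-b", (low + high) / 2))
```

The interval only narrows the skew to a range; with synchronized clocks the correction is unnecessary and the raw timestamps already sort correctly.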

Do I Really Need an NTP Time Server?

Sunday, June 14th, 2009

The NTP time server is a much misunderstood piece of equipment. They are quite simple devices in the sense that they are used for the purposes of time synchronisation, receiving an external source of the time which is then distributed throughout a computer network using NTP (Network Time Protocol).

However, with a myriad of ‘free’ time servers available on the internet, many network administrators take the decision that NTP time servers are not necessary pieces of equipment and that their network can do without them. However, there are a huge number of pitfalls in relying on the internet as a time reference; Microsoft and the USA physics laboratory NIST (National Institute of Standards and Technology) highly recommend external NTP time servers rather than internet providers.

Here is what Microsoft says:
“We highly recommend that you configure the authoritative Time Server to gather the time from a hardware source. When you configure the authoritative Time Server to sync with an Internet time source, there is no authentication.”

Authentication is a security measure implemented by NTP to ensure that the time signal that is sent comes from where it claims to come from. In other words, authentication is the first line of defence in protecting against malicious users. There are other security issues too with using the internet as a time source: any communication with an internet time source is going to require the TCP/IP port to be left open in the firewall, and this could also be manipulated by malicious users.

NIST too recognise the importance of NTP time server systems for prevention and detection of security threats. In their Guide to Computer Security Log Management they suggest:
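How that authentication check works on the wire, as an added Python example (not code from Microsoft, NIST or the original article): NTP's symmetric-key scheme, as specified in RFC 5905, appends a key ID and an MD5 digest of the shared key followed by the 48-byte header. The key table, key ID and packet contents are constructed, and extension fields are assumed absent.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48    # fixed NTP header
MAC_LEN = 4 + 16   # 32-bit key ID + 128-bit MD5 digest

# Constructed key table, shared out of band by client and server (key ID -> secret).
KEYS = {7: b"constructed-shared-secret"}

# Constructed server reply header: LI=0/VN=4/mode=4 (server), stratum 1, poll 6,
# precision -20, zero root delay/dispersion, reference ID "GPS", then 32 bytes
# standing in for the four 8-byte timestamps.
SAMPLE_HEADER = struct.pack("!BBbbII4s", 0x24, 1, 6, -20, 0, 0, b"GPS\x00") + bytes(range(32))


def digest(key: bytes, header: bytes) -> bytes:
    """Keyed MD5 of classic NTP symmetric-key authentication: MD5(key || header)."""
    return hashlib.md5(key + header).digest()


def authenticate(header: bytes, key_id: int, key: bytes) -> bytes:
    """Sender side: append key ID and digest to the 48-byte header."""
    if len(header) != HEADER_LEN:
        raise ValueError("NTP header must be 48 bytes")
    return header + struct.pack("!I", key_id) + digest(key, header)


def verify(packet: bytes, keys: dict) -> bool:
    """Receiver side: accept only packets whose MAC matches a key we hold."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                      # no MAC at all: an unauthenticated reply
    header = packet[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    key = keys.get(key_id)
    if key is None:
        return False                      # MAC made with a key we were never given
    return hmac.compare_digest(digest(key, header), packet[HEADER_LEN + 4:])


def flip_bit(packet: bytes, index: int) -> bytes:
    """Model a packet altered in transit by flipping one bit at the given byte."""
    altered = bytearray(packet)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    signed = authenticate(SAMPLE_HEADER, 7, KEYS[7])
    print("authentic reply accepted:", verify(signed, KEYS))
    print("altered timestamp accepted:", verify(flip_bit(signed, 40), KEYS))
    print("reply with no MAC accepted:", verify(SAMPLE_HEADER, KEYS))
```

A client has no shared key with a public Internet server, so every reply from one falls into the "no MAC" or "unknown key" branch.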
“Organizations should use time synchronization technologies such as Network Time Protocol (NTP) servers whenever possible to keep log sources’ clocks consistent with each other.”

The World in Perfect Synchronization

Wednesday, May 13th, 2009

Synchronization is something we are familiar with every day of our lives. From driving down the highway to walking a crowded street, we automatically adapt our behaviour to synchronize with those around us. We drive in the same direction or walk the same thoroughfares as other commuters, as failing to do so would make our journey a lot more difficult (and dangerous).

When it comes to timing, synchronisation is even more important. Even in our day to day dealings we expect a reasonable amount of synchronisation from people. When a meeting starts at 10am we expect everybody to be there within a few minutes.

However, when it comes to computer transactions across a network, accuracy in synchronisation becomes even more important: accuracy to a few seconds is inadequate and synchronisation to the millisecond becomes essential.

Computers use time for every transaction and process they do and you only have to think back to the furore caused by the millennium bug to appreciate the importance computers place on time. When there is not precise enough synchronisation then all sorts of errors and problems can occur, particularly with time sensitive transactions.

It’s not just transactions that can fail without adequate synchronisation; time stamps are also used in computer log files, so if something goes wrong or if a malicious user has invaded (which is very easy to do without adequate synchronisation) it can take a long time to discover what went wrong and even longer to fix the problems.

A lack of synchronisation can also have other effects such as data loss or failed retrieval. It can also leave a company defenceless in any potential legal argument, as a badly synchronised or unsynchronised network can be impossible to audit.

Millisecond synchronisation is, however, not the headache many administrators assume it is going to be. Many opt to take advantage of the online timeservers that are available on the internet, but doing so can generate more problems than it solves, such as having to leave the UDP port open in the firewall (to allow the timing information through), not to mention no guaranteed level of accuracy from the public time server.

A better and simpler solution is to use a dedicated network time server that uses the protocol NTP (Network Time Protocol). A NTP time server will plug straight into a network and use the GPS (Global Positioning System) or specialist radio transmissions to receive the time direct from an atomic clock and distribute it amongst the network.