Archive for September, 2009

Keeping Your Network Secure A Beginners Guide

Wednesday, September 30th, 2009

Network security is vitally important for most business systems. Whilst email viruses and denial-of-service attacks (DoS attack) may cause us headaches on our home systems, for businesses, these sorts of attacks can cripple a network for days – costing businesses hundreds of millions each year in lost revenue.

Keeping a network secure to prevent this type of malicious attack is usually of paramount importance for network administrators, and while most invest heavily in some forms of security measures there is often vulnerabilities inadvertently left exposed.

Firewalls are the best place to begin when you are trying to develop a secure network. A firewall can be implemented in either hardware or software, or most commonly a combination of both. Firewalls are used to prevent unauthorized users from accessing private networks connected to the Internet, especially local intranets. All traffic entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified criteria.

Anti-virus software works in two ways. Firstly it acts similarly to a firewall by blocking anything that is identified in its database as possibly malicious (viruses, Trojans, spyware etc). Secondly Anti-virus software is used to detect, and remove existing malware on a network or workstation.

One of the most over-looked aspects of network security is time synchronization. Network administrators either fail to realise the importance of synchronization between all devices on a network. Failing to synchronize a network is often a common security issue. Not only can malicious users take advantage of computers running at different times but if a network is struck by an attack, identifying and rectifying the problem can be near impossible if every device is running on a different time.

Even when a network administrator is aware of the importance of time synchronization they often make a common security mistake when attempting to synchronize their network. Instead of investing in a dedicated time server that receives a secure source of UTC (Coordinated Universal Time) externally from their network using atomic clock sources like GPS, some network administrators opt to use a shortcut and use a source of Internet time.

There are two major security issues in using the Internet as a time server. Firstly, to allow the time code through the network a UDP port (123) has to be left open in the firewall. This can be taken advantage of by malicious users who can use this open port as an entrance to the network. Secondly, the inbuilt security measure used by the time protocol NTP, known as authentication, doesn’t work across the Internet which means that NTP has no guarantee the time signal is coming from where it is supposed to.

To ensure your network is secure isn’t it time you invested in an external dedicated NTP time server?

Parking Tickets and the NTP Server

Saturday, September 26th, 2009

There is nothing worse than returning to your car only to discover that your parking meter time limit has expired and you’ve got a parking ticket slapped on to your windscreen.

More-often-than-not it’s only a matter of being a couple of minutes late before an over eager parking attendant spots your expired meter or ticket and issues you a fine.

However, as the people of Chicago are discovering, whilst a minute may be the difference between getting back to the car in time or receiving a ticket, a minute may also be the difference between different parking meters.

It seems the clocks on the 3000 new parking meter pay boxes in Cale, Chicago have been discovered to be unsynchronized. In fact, of the nearly 60 pay boxes observed, most are off at least a minute and in some cases, nearly 2 minutes from what is “actual” time.

This has posed a headache to the firm in charge of parking in the Cale district and they could face legal challenges from the thousands of motorists that have been given tickets from these machine.

The problem with the Cale parking system is that while they claim they regularly calibrate their machine there is no accurate synchronization to a common time reference. In most modern applications UTC (Coordinated Universal Time) is used as a base timescale and to synchronize devices, like Cale’s parking meters, a NTP server, linked to an atomic clock will receive UTC time and ensure every device has the exact time.

NTP servers are used in the calibration of not just parking meters but also traffic lights, air traffic control and the entire banking system to name but a few applications and can synchronize every device connected to it to within a few milliseconds of UTC.

It’s a shame Cale’s parking attendants didn’t see the value of of a dedicated NTP time server – I’m sure they are regretting not having one now.

Which time signal? GPS or WWVB and MSF

Thursday, September 24th, 2009

Dedicated NTP time server devices are the easiest, most accurate, reliable and secure method of receiving a source of UTC time (Coordinated Universal Time) for synchronizing a computer network.

NTP servers (Network Time Protocol) operate outside the firewall and are not reliant on the Internet which means they are highly secure and not vulnerable to malicious users who, in the case of Internet time sources can use the NTP client signals as a method of accessing the network or penetrating the firewall.

A dedicated NTP server will also receive it’s time code direct from an atomic clock, this makes it a stratum 1 time server as opposed to online time servers which are stratum 2 time servers, that is they get the time from a stratum 1 server and so are not as accurate.

In using a NTP time server there is only really one decision to make and that is how the time signal is to be received and for this there is only two choices:

The first is to make use of the time standard radio transmissions broadcast by national physics laboratories such as NIST in the USA or the UK’s NPL. These signals (WWVB in the US, MSF in the UK) are limited in range although the USA signal is available in most parts of Canada and Alaska. However, they are vulnerable to local interference and topography as other long wave radio signals are.

The alternative to the WWVB/MSF signal is to utilise the GPS satellite network (Global Positioning System). Atomic clocks are used by GPS satellites as the basis for navigational information used by satellite receivers. These atomic clocks can be used by using a NTP time server fitted with a GPS antenna.

Whilst the GPS time signal is strictly speaking not UTC- it is 17 seconds behind as leap seconds have never been added to GPS time (as the satellites are unreachable) but NTP can account for this (by simply adding 17 whole seconds). The advantage of GPS is that it is available anywhere on the planet just as long as the GPS antenna has a clear view of the sky.

Duel systems that can utilise both types of signal are also available.

Configuring a Network to use a NTP Server Part two: Distributing the Time

Thursday, September 3rd, 2009

NTP (Network Time Protocol) is the protocol designed for time distribution amongst a network. NTP is hierarchical. It organises a network into strata, which are the distance from a clock source and the device.

A dedicated NTP server that receives the time from a UTC source such as GPS or the national time and frequency signals is regarded as a stratum 1 device. Any device that is connected to a NTP server becomes a stratum 2 device and devices farther down the chain become stratum 2, 3 and so on.

Stratum layers exist to prevent cyclical dependencies in the hierarchy. But the stratum level is not an indication of quality or reliability.

NTP checks the time on all devices on the network it then adjusts the time according to how much drift it discovers. Yet NTP goes further than just checking the time on a the reference clock, the NTP program exchanges time information by packets (blocks of data) but refuses to believe the time it is told until several exchanges have taken place, each passing a set of tests known asprotocol specifications. It often takes about five good samples until a NTP server is accepted as a timing source.

NTP uses timestamps to represent the current time the day. As time is linear, each timestamp is always greater than the previous one. NTP timestamps are in two formats but they relay the seconds from a set point in time (known as the prime epoch, set at 00:00 1 January 1900 for UTC) The NTP algorithm then uses this timestamp to determine the amount to advance or retreat the system or network clock.

NTP analyses the timestamp values including the frequency of errors and the stability. A NTP server will maintain an estimate of the quality of both its reference clocks and itself.

Configuring a Network to use a NTP Server Part one: Finding a Time Source

Tuesday, September 1st, 2009

Keeping your network synchronized with the correct time is crucial for modern networking. Because of the value of timestamps in communciating globally and across multi-networks, it is imperative that every machine is running a source of UTC (Coordinated Universal Time).

UTC was developed to allow the entire global community to use the same time no matter where they are on the globe as UTC doesn’t use time-zones so it allows accurate communication regardless of location.

However, finding a source of UTC is often where some network administrators fall down when they are attempting to synchronize a network. There are many areas that a source of UTC can be received from but very few that will provide both accurate and secure reference to the time.

The internet is full of purported sources of UTC, however, many of them offer no where near their acclaimed accuracy. Furthermore, resorting to the internet can lead to security vulnerabilities.

Internet time sources are external to the firewall and therefore a hole has to be left open which can be taken advantage of by malicious users. Furthermore, NTP, the protocol used to distribute and receive time sources, cannot instigate its authentication security measure across the internet so it is not possible to ensure the time is coming from where it is supposed to.

External sources of UTC time are far more secure. There are two methods used by most administrators. Long wave radio signals as broadcast by national physics laboratories and the GPS signal which is available everywhere on the globe.

The external sources of UTC ensure your NTP network is receiving not just an accurate source of UTC but also a secure one.