Five Reasons Why You Should Never Use an Internet Timing Source
Time synchronisation is now an integral part of network administration. Networks that are not synchronised to UTC time (Coordinated Universal Time) become isolated; unable to process time sensitive transactions or communicate securely with other networks.
UTC time has been developed to allow the entire globe to communicate under a single time-frame and it is based on the time told by atomic clocks.
To synchronise to UTC time many network administrators simply connect to an Internet timing source and assume they are receiving a secure source of UTC time. However, there are pitfalls to this and any network that requires security should NEVER use the Internet as a timing source:
1. To use an internet timing source a port needs to be forwarded in the firewall. This ‘hole’ to allow the timing information to pass through can be utilised by anybody else too.
2. NTP (Network Time Protocol) has an inbuilt security measure called authentication that ensures a timing source is exactly who it says it is, this can’t be utilised over the Internet.
3. Internet timing sources are wholly inaccurate. A survey by Nelson Minar of MIT (Massachusetts Institute of Technology) discovered less than half were close enough to UTC time to be described as reliable (some where minutes and even hours out!).
4. Distance across the Internet can render even an extremely accurate Internet timing source useless as the distance to client could cause delay.
5. A dedicated time server will use a radio of GPS timing signal which can be audited to guarantee its accuracy, providing security and legal protection; internet timing sources cannot.
Dedicated NTP time servers not only offer greater protection and security than Internet time sources. They also offer unbridled accuracy with both the GPS and time and frequency radio transmissions (such as MSF, DCF or WWVB) accurate to within a few milliseconds of UTC time.
