Network Time Protocol Security

By on

The protocol used by most network time servers is NTP (Network Time Protocol) and has been around for quite a long time yet it is constantly being updated and developed offering ever higher levels of accuracy and security.

Synchronisation is an essential part of modern computer networks and is essential for keeping a system secure. Without NTP and time synchronisation a computer network can be vulnerable o malicious attacks and even fraud.

Even with a perfectly synchronised network security can still be an issue but there are a few key steps that can be taken to ensure your network is kept secure.

Always use a dedicated Network Time Server. Whilst Internet time sources are common place they are a time source situated outside the firewall. This will have obvious security draw backs as a malicious user can take advantage of the ‘hole’ left in your firewall to communicate with the NTP server. A dedicated NTP server will receive a time signal from an external source.

Normally these types of dedicated time servers will utilise either the GPS network (Global Positioning System) or specialist national time and frequency radio transmissions. Both these time sources offer an accurate and reliable method of UTC time (coordinated universal time) whilst also being secure.

Another way to ensure security is to take advantage of NTP’s built-in security mechanism – authentication. Authentication is a set of encrypted keys that are used to establish if the time source is coming from where it is claiming to come from.

Authentication verifies that each timestamp has come from the intended time reference by analysing a set of agreed encryption keys that are sent along with the time information. NTP, using Message Digest encryption (MD5) to un-encrypt the key, analyses it and confirms whether it has come from the trusted time source by verifying it against a set of trusted keys.

Trusted authentication keys are listed in the NTP server configuration file (ntp.conf) and are stored in the ntp.keys file. The key file is normally very large but trusted keys tell the NTP server which set of subset of keys is currently active and which are not. Different subsets can be activated without editing the ntp.keys file using the trusted-keys config command.

Authentication is highly important in protecting a NTP server from malicious attack; however Internet time sources can’t be authenticated which doubles the risk of using an Internet based time reference.


This post was written by: