Unsynchronised clocks are a network security hazard and, believe it or not, time discrepancies can lead to major breaches, causing untold disruption. What are the problems that can arise and how do you maintain time synchronisation? Find out here…
To keep precise time, computer networks have to find a source of accurate, precise and secure time, which enables all devices to be synchronised together. One of the most commonly used devices for achieving this is the radio time synchronisation receiver.
The media is full of stories of cyber terrorism, state-sponsored cyber warfare and internet sabotage. While these stories may seem like they come from a science fiction plot, the reality is that, with so much of the world now dependent on computers and the internet, cyber attacks are a real concern for governments and businesses alike.
Crippling a website or a government server, or tampering with systems like air-traffic control, can have catastrophic effects, so it is no wonder people are worried. Cyber attacks come in many forms too: from computer viruses and trojans, which can infect a computer, disabling it or transferring data to malicious users; to distributed denial of service (DDoS) attacks, where networks become clogged up, preventing normal use; to border gateway protocol (BGP) injections, which hijack server routines, causing havoc.
As precise time is so important for many technologies, with synchronisation crucial in global communication, one vulnerability that can be exploited is the online time server.
If an NTP (Network Time Protocol) server is sabotaged with BGP injections, the servers that rely on it can be told it’s a completely different time than it is; this can cause chaos and result in a myriad of problems, as computers rely solely on time to establish whether an action has or hasn’t taken place.
Securing a time source, therefore, is essential for internet security and for this reason, dedicated NTP time servers that operate externally to the internet are crucial.
Because they receive time from the GPS network, or from radio transmissions from NIST (National Institute for Standards and Time) or the European physical laboratories, these NTP servers can’t be tampered with by external forces, and they ensure that the network’s time will always be accurate.
All essential networks, from stock exchanges to air traffic controllers, utilise external NTP servers for these security reasons; however, despite the risks, many businesses still receive their time code from the internet, leaving them exposed to malicious users and cyber attacks.
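A defensive check for the failure described above, where a time source reports a completely different time than it is (an added example, not code from the original article). It parses the standard 48-byte NTP reply header, rejects unusable replies, and flags any source that disagrees with the median of the others; the host names, timestamps and the 0.5 second tolerance are constructed assumptions.

```python
import struct
from statistics import median

NTP_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
FMT = "!BBbbII4s8I"      # 48-byte NTP header; the four timestamps are (seconds, fraction) pairs

def to_ntp(t):
    sec = int(t)
    return sec + NTP_DELTA, int((t - sec) * 2**32)

def to_unix(sec, frac):
    return sec - NTP_DELTA + frac / 2**32

def build_reply(t1, t2, t3, stratum=2, mode=4):
    """Constructed server reply for the demo (sample data, not a capture)."""
    return struct.pack(FMT, (4 << 3) | mode, stratum, 6, -20, 0, 0, b"SMPL",
                       *to_ntp(t2), *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))

def check_reply(pkt, t1, t4):
    """Return the clock offset in seconds; raise ValueError for a reply that must not be used."""
    if len(pkt) < 48:
        raise ValueError("short packet")
    f = struct.unpack(FMT, pkt[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x7, f[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server is not synchronised")
    if (f[9], f[10]) != to_ntp(t1):          # origin must echo our own transmit time
        raise ValueError("origin timestamp mismatch")
    t2, t3 = to_unix(f[11], f[12]), to_unix(f[13], f[14])
    return ((t2 - t1) + (t3 - t4)) / 2

def flag_outliers(offsets, tolerance=0.5):
    """Names of sources whose offset is more than `tolerance` seconds from the median."""
    mid = median(offsets.values())
    return sorted(name for name, off in offsets.items() if abs(off - mid) > tolerance)

def demo():
    t1, t4 = 1_700_000_000.0, 1_700_000_000.040   # local send / receive times
    errors = {"time-a.example": 0.002, "time-b.example": -0.003, "time-c.example": 3600.0}
    offsets = {name: check_reply(build_reply(t1, t1 + 0.020 + e, t1 + 0.021 + e), t1, t4)
               for name, e in errors.items()}
    return offsets, flag_outliers(offsets)

if __name__ == "__main__":
    print(demo())
```

With at least three independent sources, a single source that jumps by an hour is outvoted instead of being followed.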
The DCF-77 signal is a long wave transmission broadcast at 77 kHz from Frankfurt in Germany. DCF-77 is transmitted by the Physikalisch-Technische Bundesanstalt, the German national physics laboratory.
DCF-77 is an accurate source of UTC time and is generated by atomic clocks that ensure its precision. DCF-77 is a useful source of time that can be adopted all over Europe by technologies needing an accurate time reference.
Radio controlled clocks and network time servers receive the time signal and, in the case of time servers, distribute it across a computer network. Most computer networks use NTP to distribute the DCF-77 time signal.
There are advantages to using a signal like DCF for time synchronisation. Although long wave signals such as DCF are susceptible to interference from other electrical devices, they can penetrate buildings, which gives the DCF signal an advantage over the other generally available source of UTC time, GPS (Global Positioning System), which requires an open view of the sky to receive satellite transmissions.
Long wave radio signals similar to DCF-77 are available in other countries. In the UK the MSF-60 signal is broadcast by NPL (National Physical Laboratory) from Cumbria, while in the USA, NIST (National Institute of Standards and Time) transmits the WWVB signal from Boulder, Colorado.
NTP time servers are an efficient method of receiving these long wave transmissions and then using the time code as a synchronisation source. NTP servers can receive DCF, MSF and WWVB, and many of them can also receive the GPS signal.
NTP (Network Time Protocol), the time protocol currently favoured by most networks, has been around for over twenty years, but it now has some competition.
The Precision Time Protocol (PTP), or IEEE 1588, has been developed for local systems requiring very high accuracy (to nanosecond level). Currently this type of accuracy is beyond the capabilities of NTP.
PTP requires a master and slave relationship in the network. A two-step process is required to synchronise devices using IEEE 1588 (PTP). First, it is determined which device is the master; then the offsets and natural network delays are measured. PTP uses the Best Master Clock algorithm (BMC) to establish which clock on the network is the most accurate. That clock becomes the master, whilst all other clocks become slaves and synchronise to it.
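An added illustration of the two steps described above, not code from the original article. Field names follow the IEEE 1588-2008 Announce message; the sample clocks and timestamps are constructed, the election is reduced to its attribute comparison (topology tie-breaks are omitted), and the delay calculation assumes a symmetric network path.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Announce:
    """Clock attributes advertised in a PTP Announce message."""
    identity: str            # clockIdentity, the final tie-breaker
    priority1: int = 128
    clock_class: int = 248   # 248 is the default class; 6 means locked to a primary reference
    clock_accuracy: int = 0xFE
    variance: int = 0xFFFF   # offsetScaledLogVariance
    priority2: int = 128

    def rank(self):
        # Lower tuple wins; this is the order in which BMC compares the attributes.
        return (self.priority1, self.clock_class, self.clock_accuracy,
                self.variance, self.priority2, self.identity)

def best_master(clocks):
    """Step 1: elect the master from the Announce data every clock has heard."""
    return min(clocks, key=Announce.rank)

def offset_and_delay(t1, t2, t3, t4):
    """Step 2: t1 master sends Sync, t2 slave receives it,
    t3 slave sends Delay_Req, t4 master receives it (all in nanoseconds)."""
    delay = ((t2 - t1) + (t4 - t3)) // 2    # mean one-way path delay
    offset = (t2 - t1) - delay               # slave clock minus master clock
    return offset, delay

# Constructed sample network: two free-running clocks and one GPS-locked clock.
SAMPLE = [
    Announce("00:1b:19:ff:fe:00:00:03"),
    Announce("00:1b:19:ff:fe:00:00:02", clock_class=6, clock_accuracy=0x21, variance=0x4E5D),
    Announce("00:1b:19:ff:fe:00:00:01"),
]

if __name__ == "__main__":
    print("master:", best_master(SAMPLE).identity)
    # Slave clock runs 1500 ns ahead of the master over a 400 ns path.
    print("offset, delay:", offset_and_delay(1_000_000, 1_001_900, 1_010_000, 1_008_900))
```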
IEEE (Institute of Electrical and Electronic Engineers) describes IEEE 1588 (PTP) as designed to “fill a niche not well served by either of the two dominant protocols, NTP and GPS. IEEE 1588 is designed for local systems requiring very high accuracies beyond those attainable using NTP. It is also designed for applications that cannot bear the cost of a GPS receiver at each node, or for which GPS signals are inaccessible.” (quoted in Wikipedia)
PTP can provide accuracy to a few nanoseconds, but this type of accuracy is not required by most network users. The target use of PTP appears to be mobile broadband and other mobile technologies, as PTP supports time-of-day information, used by billing and service level agreement reporting functions in mobile networks.
Network security is vitally important for most business systems. Whilst email viruses and denial-of-service attacks (DoS attack) may cause us headaches on our home systems, for businesses, these sorts of attacks can cripple a network for days – costing businesses hundreds of millions each year in lost revenue.
Keeping a network secure to prevent this type of malicious attack is usually of paramount importance for network administrators, and while most invest heavily in some form of security measures, there are often vulnerabilities inadvertently left exposed.
Firewalls are the best place to begin when you are trying to develop a secure network. A firewall can be implemented in either hardware or software, or most commonly a combination of both. Firewalls are used to prevent unauthorized users from accessing private networks connected to the Internet, especially local intranets. All traffic entering or leaving the intranet passes through the firewall, which examines each message and blocks those that do not meet the specified criteria.
Anti-virus software works in two ways. Firstly, it acts similarly to a firewall by blocking anything that is identified in its database as possibly malicious (viruses, Trojans, spyware etc). Secondly, anti-virus software is used to detect and remove existing malware on a network or workstation.
One of the most overlooked aspects of network security is time synchronization. Network administrators often fail to realise the importance of synchronization between all devices on a network, and failing to synchronize a network is a common security issue. Not only can malicious users take advantage of computers running at different times, but if a network is struck by an attack, identifying and rectifying the problem can be near impossible if every device is running on a different time.
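Why unsynchronised clocks make an incident so hard to reconstruct, shown as an added example (not from the original article): the same four events are ordered first by the timestamps the devices logged and then after each device's clock error is removed. The host names, log lines and offsets are constructed, and the offsets are assumed to have been measured against a trusted reference.

```python
from datetime import datetime, timedelta, timezone

# Constructed log entries: (device, timestamp as logged by that device, event)
LOGS = [
    ("fw01",  "2024-03-01T10:00:05", "inbound connection allowed to 10.0.0.20:22"),
    ("srv20", "2024-03-01T09:58:47", "sshd: accepted password for admin"),
    ("srv20", "2024-03-01T09:59:02", "sudo: admin ran /bin/bash"),
    ("db01",  "2024-03-01T10:03:45", "new session from 10.0.0.20"),
]
# Clock error of each device in seconds (positive means the device clock runs ahead).
OFFSETS = {"fw01": 0.0, "srv20": -80.0, "db01": 195.0}

def timeline(logs, offsets=None):
    """Sort events by time; with offsets, each timestamp is first corrected to reference time."""
    out = []
    for host, stamp, event in logs:
        t = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        if offsets is not None:
            if host not in offsets:
                # An uncorrected device would silently corrupt the ordering.
                raise KeyError(f"no measured clock offset for {host}")
            t -= timedelta(seconds=offsets[host])
        out.append((t, host, event))
    return sorted(out)

def reordered(logs, offsets):
    """Events whose position in the timeline changes once clock error is removed."""
    raw = [e[2] for e in timeline(logs)]
    fixed = [e[2] for e in timeline(logs, offsets)]
    return [ev for ev in fixed if raw.index(ev) != fixed.index(ev)]

if __name__ == "__main__":
    for label, offs in (("as logged", None), ("corrected", OFFSETS)):
        print(label)
        for t, host, event in timeline(LOGS, offs):
            print(f"  {t:%H:%M:%S} {host:6} {event}")
```

As logged, the SSH login appears to happen more than a minute before the firewall admitted the connection; corrected, the firewall event comes first and the whole sequence fits inside 25 seconds.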
Even when a network administrator is aware of the importance of time synchronization they often make a common security mistake when attempting to synchronize their network. Instead of investing in a dedicated time server that receives a secure source of UTC (Coordinated Universal Time) externally from their network using atomic clock sources like GPS, some network administrators opt to use a shortcut and use a source of Internet time.
There are two major security issues in using the Internet as a time server. Firstly, to allow the time code through to the network, a UDP port (123) has to be left open in the firewall. This can be taken advantage of by malicious users, who can use this open port as an entrance to the network. Secondly, the inbuilt security measure used by the time protocol NTP, known as authentication, doesn’t work across the Internet, which means that NTP has no guarantee the time signal is coming from where it is supposed to come from.
To ensure your network is secure isn’t it time you invested in an external dedicated NTP time server?