Do I Really Need an NTP Time Server?

  |   By

The NTP time server is a much misunderstood piece of equipment. They are quite simple devices in the sense that they are used for the purposes of time synchronisation, receiving an external source of the time which is then distributed throughout a computer network using NTP (Network Time Protocol).

However, with a myriad of ‘free’ time servers available on the internet many network administrators take the decision that NTP time servers are not necessary pieces of equipment and that their network can do without it. However, there are a huge number of pitfalls in relying on the internet as a time reference; Microsoft and the USA physics laboratory NIST (National Institute of Standards and Time) highly recommend external NTP time servers rather than internet providers.

Here is what Microsoft says:
“We highly recommend that you configure the authoritative Time Server to gather the time from a hardware source. When you configure the authoritative Time Server to sync with an Internet time source, there is no authentication.”

Authentication is a security measure implemented by NTP to ensure that the time signal that is sent comes from where it claims to come from. In other words authentication is the first line of defence in protecting against malicious users. There are other security issues too with using the internet as a time source as any communication with an internet time source is going to require the TCP/IP port to be left open in the firewall this could also be manipulated by malicious users.

NIST too recognise the importance of NTP time server systems for prevention and detection of security threats in their Guide to Computer Security Log Management they suggest:
“Organizations should use time synchronization technologies such as Network Time Protocol (NTP) servers whenever possible to keep log sources’ clocks consistent with each other.”

The Concept of Time

  |   By

Time is something that we are all familiar with, it governs our lives even more so than money and we are constantly ‘at war’ with time as we battle to conduct our daily tasks before it runs out.

Yet when we start to examine time we discover that the concept of time we begin to realise that a non-ending linear distance between different events that we call time is purely a human invention.

Of course time exists but it certainly doesn’t follow the rules that the human concept of time does. It is not never ending or constant and changes and warps depending on speed of observers and the pull of gravity. In fact it was Einstein’s theories on relativity that gave human kind its first glimpse as to what time really is and how it affects our daily lives.

Einstein described a four-dimensional space-time, where time and space are inextricably woven together. This space-time gets warped and bent by gravity slowing time (or our perception of it). Einstein also, he suggested that the speed of light was the only constant in the universe and time altered depending on the relative speed to it.

When it comes to keeping track of time, Einstein’s theories can hamper any attempts at chronology. If both gravity and relative speed can affect time then it becomes difficult to measure time accurately.

We long ago abandoned the idea of using the celestial bodies and Earth’s rotation as a reference for our timekeeping as it was recognised in the early twentieth century that Earth’s rotation wasn’t at all accurate or reliable. Instead, we have depended n the oscillations of atoms to keep track of time. Atomic clocks measure atomic ticks of particular atoms and our concept of time is based on these ticks with every second being equal to over 9 billion oscillation of the caesium atom.

Even though we now base time on atomic oscillations, technologies such as GPS satellites (Global Positioning System) still have to counter the effects of lower gravity. In fact the effects of time can be monitored so accurately thanks to atomic clocks that those at different altitudes above sea level run at slightly differing speeds which has to be compensated for.

Atomic clocks can also be used to synchronise a computer network ensuring that they are running as accurately as possible. Most NTP time servers operate by utilising and distributing the time signal broadcast by an atomic clock (either through GPS or long wave) using the protocol NTP (Network Time Protocol).

Security and Synchronisation

  |   By

Security is often the most worried about aspect of running a computer network. Keeping unwanted users out whilst allowing freedom for users to access network applications is a full time job. Yet many network administrators fail to pay any heed to one of the most crucial aspects of keeping a network secure – time synchronisation.

Time synchronisation is not just important but it is vital in network security and yet it is staggering how many network administrators disregard it or fail to have their systems properly synchronised.

Ensuring the same and correct time (ideally UTC – Coordinated Universal Time) is on each network machine is essential as any time delays can be an open door for hackers to slip in undetected and what is worse if machines do get hacked are not running the same time it can be near impossible to detect, repair and get the network back up and running.

Yet time synchronisation is one of the simplest of tasks to employ, particularly as most operating systems have a version of the time protocol NTP (Network Time Protocol).

Finding an accurate time server can sometimes be problematic particularly if the network is synchronised across the internet as this can raise other security issues such as having an open port in the firewall and a lack of possible authentication by NTP to ensure the signal is trusted.

However, an easier method for time synchronisation, being both accurate and secure, is to use a dedicated NTP time server (also known as network time server). An NTP server will take a time signal direct from GPS or from the national time and frequency radio transmissions put out by organisations such as NIST or NPL.

By using a dedicated NTP server the network will become a lot securer and if the worst does happen and the system does fall victim to malicious users then having a synchronised network will ensure it is easily solvable.

What is the Best Source of UTC Time?

  |   By

UTC (Coordinated Universal Time) is the world’s global timescale and replaced the old time standard GMT (Greenwich Meantime) in the 1970’s.

Whilst GMT was based on the movement of the Sun, UTC is based on the time told by atomic clocks although it is kept inline with GMT by the addition of ‘Leap Seconds’ which compensates for the slowing of the Earth’s rotation allowing both UTC and GMT to run side by side (GMT is often mistakenly referred to as UTC – although as there is no actual difference it doesn’t really matter).

In computing, UTC allows computer networks all over the world to synchronise to the same time making possible time sensitive transactions from across the globe. Most computer networks used dedicated network time servers to synchronise to a UTC time source. These devices use the protocol NTP (Network Time Protocol) to distribute the time across the networks and continually checks to ensure there is no drift.

The only quandary in using a dedicated NTP time server is selecting where the time source comes from which will govern the type of NTP server you require. There are really three places that a source of UTC time can be easily located.

The first is the internet. In using an internet time source such as time.nist.gov or time.windows.com a dedicated NTP server is not necessarily required as most operating systems have a version of NTP already installed (in Windows just double click the clock icon to see the internet time options).

*NB it must be noted that Microsoft, Novell and others strongly advise against using internet time sources if security is an issue. Internet time sources can’t be authenticated by NTP and are outside the firewall which can lead to security threats.

The second method is to use a GPS NTP server; these devices use the GPS signal (most commonly used for satellite navigation) which is actually a time code generated by an atomic clock (from onboard the satellite). Whilst this signal is available anywhere on the globe, a GPS antenna does need a clear view of the sky which is the only drawback in using GPS.

Alternatively, many countries’ national physics laboratories such as NIST in the USA and NPL in the UK, transmit a time signal from their atomic clocks. These signals can be picked up with a radio referenced NTP server although these signals are finite and vulnerable to local interference and topography.

Understanding Computer Timestamps with NTP

  |   By

The way a computer deals with time is totally different to the ways humans perceive it. We arrange time into seconds, minutes, hours, days, weeks, months and years, while computers on the other hand arrange time as a single number representing the seconds that have passed from a single point in time, known as the prime epoch.

Most computers use NTP (Network Time Protocol) to deal with time and on networks many are synchronised using a dedicated NTP time server.  NTP knows nothing about days, years or centuries, only the seconds from the prime epoch.  This prime epoch is set (for most systems) at midnight at the turn of the century twentieth century that for a human would be recorded as something like: 00:00 – 01,01,1900.

Computers, however, count time as the number of seconds past this point. If a computer was around in 1900 its timestamp on midnight January 1 would be 0 while in 1972 at the same date the timestamp would be 2,272,060,800, which represents the number of seconds since 1900.

The timestamps restart every 136 years with the next wrap around due in 2036, this has caused uneasiness amongst some who fear a Millennium Bug type scenario, although most doubt such events would occur, however, when a wrap-around of the timestamp does happen an era integer will be added (+1), to allow computers to deal with time spans that cover more than one wrap-around.  If computers and NTP need to deal with time that spans before the prime epoch a negative integer is used (for the year 1500 a -3 will be used to represent three cycles of 136 years).

Timestamps are used in virtually every transaction that modern computers are tasked to do such as sending emails, debugging and programming. Because time is linear, a computer knows that each timestamp is always greater than the previous one and therefore computers and NTP find it difficult to deal with inaccuracies in time, particularly when time suddenly appears to go backwards.

This can happen if computers are not synchronised to the same time. If an email is sent to a machine with a slower clock, it appears to the computer to have been received before it has been sent.  Lack of synchronisation can serious problems and can even leave a system vulnerable to malicious attacks and even fraud.

Because of this, most computer networks are synchronised to UTC (Coordinated Universal Time). UTC is a global timescale and the same for everybody worldwide it is based on the time told by atomic clocks which are highly accurate, neither gaining nor losing a second in millions of years.

Most computer networks use a dedicated NTP time server to receive a UTC time to synchronise their computers too.  UTC is available from across the Internet (although unsecured), via the GPS network (Global Positioning System), or by receiving national time and frequency broadcasts via long wave.

NTP synchronises a computer by checking the received UTC time and adding to or holding a computer’s timestamp until it perfectly matches UTC. By using a dedicated NTP time server UTC can be maintained on a network to a few milliseconds of UTC time.