NTP (Network Time Protocol) synchronises networks to a single time source using timestamps to represent the current time of the day. This is essential for time-sensitive transactions and many system applications such as email.

NTP is therefore vulnerable to security threats, whether from a malicious hacker who wants to alter the timestamp to commit fraud or a DDoS attack (Distributed Denial of Service - normally caused by malware that floods a server with traffic) that blocks server access.

However, being one of the Internet's oldest protocols and having been developed for over 25 years, NTP is equipped with its own security measures in the form of authentication.

Authentication verifies that each timestamp has come from the intended time reference by analysing a set of agreed encryption keys that are sent along with the time information. NTP, using Message Digest encryption (MD5) to un-encrypt the key, analyses it and confirms whether it has come from the trusted time source by verifying it against a set of trusted keys.

Trusted authentication keys are listed in the NTP server configuration file (ntp.conf) and are normally stored in the ntp.keys file. The key file is normally very large, but trusted keys tell the NTP server which subset of keys is currently active and which are not. Different subsets can be activated without editing the ntp.keys file using the trusted-keys config command.

Authentication is therefore highly important in protecting an NTP server from malicious attack; however, there are many time references where authentication can't be trusted.

Microsoft, which has installed a version of NTP in its operating systems since Windows 2000, strongly recommends that a hardware source is used as a timing reference, as Internet sources can't be authenticated.

NTP is vital in keeping networks synchronised, but equally important is keeping systems secure. Whilst network administrators spend thousands on anti-virus/malware software, many fail to spot the vulnerability in their time servers.

Many network administrators still rely on Internet sources for their time reference. Whilst many do provide a good source for UTC time (Coordinated Universal Time - the international standard of time), such as nist.gov, the lack of authentication means the network is open to abuse.

Other sources of UTC time are more secure and can be utilized with relatively low-cost equipment. The easiest method is to use a specialist NTP server that can connect to a GPS antenna and receive an authenticated timestamp by satellite.

GPS time servers can provide accuracy to UTC time to within a few nanoseconds as long as the antenna has a good view of the sky. They are relatively cheap and the signal is authenticated, providing a secure time reference.

Alternatively, there are several national broadcasts that transmit a time reference. In the UK this is broadcast by the National Physical Laboratory (NPL) in Cumbria. Similar systems operate in Germany, France and the US. Whilst this signal is authenticated, these radio transmissions are vulnerable to interference and have a finite range.

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation, just as firewalls have been developed to protect networks from attack, but as with any system of security it only works if it is utilised.
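The trusted-key check described in the authentication paragraphs above, as an added example that is not part of the original article: in ntpd-style symmetric-key authentication the sender appends a 4-byte key ID and the MD5 digest of the shared secret concatenated with the 48-byte NTP header, and the receiver recomputes that digest using a key from its active trusted subset. The key file contents, secrets, header bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed ntp.keys-style content (id, type, secret); not real keys.
SAMPLE_KEYS = """\
# id type secret
1 MD5 constructed-secret-one
2 MD5 constructed-secret-two
3 MD5 constructed-secret-three
"""
TRUSTED = {1, 3}    # assumed active subset: key 2 is in the file but not trusted
HEADER = bytes([0x24, 1, 6, 0xEC]) + bytes(44)   # constructed 48-byte server reply
HEADER_LEN, MAC_LEN = 48, 4 + 16                 # header, then key id + MD5 digest


def load_keys(text):
    """Parse 'id type secret' lines, skipping comments and non-MD5 entries."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if (len(fields) >= 3 and not fields[0].startswith("#")
                and fields[1].upper() == "MD5"):
            keys[int(fields[0])] = fields[2].encode()
    return keys


def add_mac(header, key_id, keys):
    """Sender side: append the key id and MD5(secret || header)."""
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys, trusted):
    """Receiver side: accept only a trusted key id with a matching digest."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                 # no MAC at all, or a malformed packet
    header = packet[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    if key_id not in trusted or key_id not in keys:
        return False                 # known key, but not in the active subset
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, packet[HEADER_LEN + 4:])
```

Changing the contents of `TRUSTED` switches which keys are accepted without touching the key file, which is the separation between the key store and the active subset that the article describes.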