NTP Security: Authentication and Trusted Time References
- Date: 2008-05-26 - Word Count: 522
Share This!
NTP (Network Time Protocol) synchronises networks to a single time source using timestamps to represent the current time of the day, this is essential for time sensitive transactions and many system applications such as email.
NTP is therefore vulnerable to security threats, whether from a malicious hacker who wants to alter the timestamp to commit fraud or a DDoS attack (Distributed Denial of Service - normally caused by malicious malware that floods a server with traffic) that blocks server access.
However, being one of the Internet's oldest protocols and having been developed for over 25 years, NTP is equipped with its own security measures in the form of authentication.
Authentication verifies that each timestamp has come from the intended time reference by analysing a set of agreed encryption keys that are sent along with the time information. NTP, using Message Digest encryption (MD5) to un-encrypt the key, analyses it and confirms whether it has come from the trusted time source by verifying it against a set of trusted keys.
Trusted authentication keys are listed in the NTP server configuration file (ntp.conf) and are normally stored in the ntp.keys file. The key file is normally very large but trusted keys tell the NTP server which set of subset of keys is currently active and which are not. Different subsets can be activated without editing the ntp.keys file using the trusted-keys config command.
Authentication is therefore highly important in protecting a NTP server from malicious attack; however there are many time references were authentication can't be trusted.
Microsoft, who has installed a version of NTP in their operating systems since Windows 2000, strongly recommends that a hardware source is used as a timing reference as Internet sources can't be authenticated.
NTP is vital in keeping networks synchronised but equally important is keeping systems secure. Whilst network administrators spend thousands in anti-viral/malware software many fail to spot the vulnerability in their time servers.
Many network administrators still entrust Internet sources for their time reference. Whilst many do provide a good source for UTC time (Coordinated Universal Time - the international standard of time), such as nist.gov, the lack of authentication means the network is open to abuse.
Other sources of UTC time are more secure and can be utilized with relatively low cost equipment. The easiest method is to use a specialist NTP GPS time server that can connect to a GPS antenna and receive an authenticated timestamp by satellite.
GPS time servers can provide accuracy to UTC time to within a few nanoseconds as long as the antenna has a good view of the sky. They are relatively cheap and the signal is authenticated providing a secure time reference.
Alternatively there are several national broadcasts that transmit a time reference. In the UK this is broadcast by the National Physics Laboratory (NPL) in Cumbria. Similar systems operate in Germany, France and the US. Whilst this signal is authenticated, these radio transmissions are vulnerable to interference and have a finite range.
Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.
NTP is therefore vulnerable to security threats, whether from a malicious hacker who wants to alter the timestamp to commit fraud or a DDoS attack (Distributed Denial of Service - normally caused by malicious malware that floods a server with traffic) that blocks server access.
However, being one of the Internet's oldest protocols and having been developed for over 25 years, NTP is equipped with its own security measures in the form of authentication.
Authentication verifies that each timestamp has come from the intended time reference by analysing a set of agreed encryption keys that are sent along with the time information. NTP, using Message Digest encryption (MD5) to un-encrypt the key, analyses it and confirms whether it has come from the trusted time source by verifying it against a set of trusted keys.
Trusted authentication keys are listed in the NTP server configuration file (ntp.conf) and are normally stored in the ntp.keys file. The key file is normally very large but trusted keys tell the NTP server which set of subset of keys is currently active and which are not. Different subsets can be activated without editing the ntp.keys file using the trusted-keys config command.
Authentication is therefore highly important in protecting a NTP server from malicious attack; however there are many time references were authentication can't be trusted.
Microsoft, who has installed a version of NTP in their operating systems since Windows 2000, strongly recommends that a hardware source is used as a timing reference as Internet sources can't be authenticated.
NTP is vital in keeping networks synchronised but equally important is keeping systems secure. Whilst network administrators spend thousands in anti-viral/malware software many fail to spot the vulnerability in their time servers.
Many network administrators still entrust Internet sources for their time reference. Whilst many do provide a good source for UTC time (Coordinated Universal Time - the international standard of time), such as nist.gov, the lack of authentication means the network is open to abuse.
Other sources of UTC time are more secure and can be utilized with relatively low cost equipment. The easiest method is to use a specialist NTP GPS time server that can connect to a GPS antenna and receive an authenticated timestamp by satellite.
GPS time servers can provide accuracy to UTC time to within a few nanoseconds as long as the antenna has a good view of the sky. They are relatively cheap and the signal is authenticated providing a secure time reference.
Alternatively there are several national broadcasts that transmit a time reference. In the UK this is broadcast by the National Physics Laboratory (NPL) in Cumbria. Similar systems operate in Germany, France and the US. Whilst this signal is authenticated, these radio transmissions are vulnerable to interference and have a finite range.
Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.
Related Tags: gps, windows, ntp server, time server, gps ntp server, ntp, gps clock, ntp time server, gps time server, network time server, ntp time server uk, gps ntp, gps ntp time server, ntp wall clock, windows ntp time server
Richard N Williams is a technical author and a specialist in the telecommunications and network time synchronisation industry helping to develop dedicated time server products. Please visit us for more information about a GPS time server or other NTP products. Your Article Search Directory : Find in Articles
Recent articles in this category:
- Using Keywords Effectively For an SEO Campaign
Keyword research is one of the most crucial parts of an SEO campaign. If you end up choosing the wro - Search Engine Optimization Copywriting Tips
SEO copywriting is not as technical as it sounds but is different from traditional copywriting for t - 3 Tips to Make Money Using Videos
For the last five years video has been a real success in the internet. Now you can find video in alm - Is Social Media Networking Your Next Strategy For Your Online Marketing?
When you try to work on online promotion and online marketing, social media especially social media - Submitting a URL of Your Website
People who make a website usually do research on how to improve not only the quality of their websit - 5 Bad Habits of Article Marketing
There are many ways to advertise your company but having a highly ranked website is the best. Most p - Facts About SEO Services Company
SEO services companies are becoming very popular in the internet marketing world but there are some - 4 Ways Search Engine Optimization Can Be So Powerful
Whether you are an affiliate marketer, small businessman or a large organization, your first step wh - A List of 3 Options For Internet Business
The trend of making money through online business has become trendy now a day. People are shifting t - Getting the Best Affiliate Products For Your Site
Making money online was never so difficult before. There are numerous ways through which you can mak
Most viewed articles in this category:
- The Revolutionized Ebay Etailsolution Software
With the help of eBay, the auction business has received a new meaning. With the help of the many eB - Internet Millions - by Ryan Orrell - Honest Review
REVIEW: "Internet Millions", by Ryan Orrell, is a refreshing new kind of internet marketing e-bo - A Google Adsense Addiction
54% of all Google Adsense publishers admit addiction to click income. A recent online study conducte - Lead Generation for Top Residual Income
At the heart of any good residual income business is a person who knows how to generate leads. Lead - Make Money With Information Ebook Products: The Other End
I don't like thinking of myself as the kind of person that has made it rich on the internet, but in - Repeat Business Equals a Residual Income Stream
Residual income comes from other people reacting to a single action by the business owner. What bet - The NFL & United Way
There are many ways that NFL players help with the United Way. First of all, they donate a lot of th - Seo - Making Money Writing Seo Reviews
If you are a reviewer or critic you are likely to find work writing reviews of products and services - Understanding Perfume Types
Understanding the various varieties of perfume can help to cut through the difficulty in selecting a - Ecommerce Basics: Three Things To Avoid
When you decide to put your ecommerce website together there are a few mistakes that are easy to mak
