NTP Security – Authentication and Trusted Time References

Posted by Richard N Williams | Posted in Security | Posted on 29-04-2010-05-2008


NTP (Network Time Protocol) synchronises networks to a single time source, using timestamps to represent the current time of day. This is essential for time-sensitive transactions and for many system applications such as email.

NTP is therefore exposed to security threats, whether from a malicious hacker who wants to alter the timestamp to commit fraud or from a DDoS attack (Distributed Denial of Service, normally caused by malware that floods a server with traffic) that blocks access to the server.

However, being one of the Internet’s oldest protocols and having been developed for over 25 years, NTP is equipped with its own security measures in the form of authentication.

Authentication verifies that each timestamp has come from the intended time reference by checking a set of agreed keys that are sent along with the time information. NTP uses the MD5 message digest (Message Digest 5) to check the key, and confirms that the timestamp came from the trusted time source by verifying it against a set of trusted keys.

Trusted authentication keys are listed in the NTP server configuration file (ntp.conf), and the keys themselves are normally stored in the ntp.keys file. The key file can be very large, but the trusted-keys list tells the NTP server which subset of keys is currently active and which is not. Different subsets can be activated without editing the ntp.keys file by changing the trusted-keys configuration command.
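To make the key-file and trusted-keys mechanism concrete, here is an added Python example (not from the original article, and not ntpd's own code) that parses a constructed ntp.keys-style file, computes the MAC that NTP appends to a packet (a 4-byte key id followed by MD5 over the key and the packet, as in RFC 5905), and verifies received packets against the trusted subset, rejecting unauthenticated, tampered and untrusted-key packets. The key ids, key strings and the trusted set are made up for the example, and extension fields are not handled.

```python
import hashlib
import hmac
import struct
import time

# Constructed ntp.keys-style file: "<id> M <key>" (M = MD5 key). Values are made up.
NTP_KEYS_TEXT = """\
# id  type  key
1     M     winter-rollover-key
2     M     spring-active-key
3     M     autumn-spare-key
"""
# Equivalent of the ntp.conf "trusted-keys 2 3" line: only this subset is live.
TRUSTED_KEY_IDS = {2, 3}

def parse_ntp_keys(text):
    """Parse a minimal ntp.keys file into {key_id: key_bytes}; only type M is handled."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        key_id, key_type, key = line.split(None, 2)
        if key_type.upper() == "M":
            keys[int(key_id)] = key.encode()
    return keys

def build_ntp_header(transmit_ts=None):
    """48-byte NTPv4 server reply (LI=0, VN=4, mode 4), stratum 1, GPS reference id."""
    if transmit_ts is None:
        transmit_ts = int(time.time()) + 2208988800   # seconds since 1900
    return (struct.pack("!BBbb", 0x24, 1, 0, -20)     # li/vn/mode, stratum, poll, precision
            + struct.pack("!II", 0, 0) + b"GPS "       # root delay, root dispersion, ref id
            + struct.pack("!II", transmit_ts, 0) * 4)  # reference/origin/receive/transmit ts

def sign_packet(header, key_id, keys):
    """Append the symmetric-key MAC: key id + MD5(key || header)."""
    return header + struct.pack("!I", key_id) + hashlib.md5(keys[key_id] + header).digest()

def verify_packet(packet, keys, trusted_ids):
    """Return (ok, reason); accept only a valid MAC made with a trusted key id."""
    if len(packet) < 48 + 4 + 16:
        return False, "no MAC present: unauthenticated packet"
    header, digest = packet[:-20], packet[-16:]
    key_id = struct.unpack("!I", packet[-20:-16])[0]
    if key_id not in keys:
        return False, "unknown key id %d" % key_id
    if key_id not in trusted_ids:
        return False, "key id %d is not in trusted-keys" % key_id
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, digest):   # constant-time comparison
        return False, "digest mismatch: packet altered or wrong key"
    return True, "authenticated with key %d" % key_id
```

Flipping a single bit of the transmit timestamp, or signing with key 1 (present in the file but not in the trusted set), makes `verify_packet` reject the packet.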

Authentication is therefore highly important in protecting an NTP server from malicious attack; however, there are many time references where authentication can’t be trusted.

Microsoft, which has installed a version of NTP in its operating systems since Windows 2000, strongly recommends that a hardware source is used as a timing reference, as Internet sources can’t be authenticated.

NTP is vital in keeping networks synchronised, but keeping systems secure is equally important. Whilst network administrators spend thousands on anti-virus and anti-malware software, many fail to spot the vulnerability in their time servers.

Many network administrators still entrust Internet sources for their time reference. Whilst many do provide a good source for UTC time (Coordinated Universal Time – the international standard of time), such as nist.gov, the lack of authentication means the network is open to abuse.

Other sources of UTC time are more secure and can be utilized with relatively low cost equipment. The easiest method is to use a specialist NTP GPS time server that can connect to a GPS antenna and receive an authenticated timestamp by satellite.

GPS time servers can provide accuracy to UTC time to within a few nanoseconds as long as the antenna has a good view of the sky. They are relatively cheap and the signal is authenticated providing a secure time reference.

Alternatively, there are several national broadcasts that transmit a time reference. In the UK this is broadcast by the National Physical Laboratory (NPL) from Cumbria. Similar systems operate in Germany, France and the US. Whilst this signal is authenticated, these radio transmissions are vulnerable to interference and have a finite range.

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation, just as firewalls have been developed to protect networks from attack; but, as with any security system, it only works if it is used.

Copyright 2008 Richard N Williams

Richard N Williams is a technical author and a specialist in the telecommunications and network time synchronisation industry helping to develop dedicated time server products; ethernet clocks, GPS time servers, NTP servers, digital wall clocks, atomic clock servers and SNTP time servers. Please visit us for more information about NTP products and NTP servers

This article may be republished and reprinted in its complete form or in part without seeking permission providing a relevant link to this site is maintained. It is a violation of copyright law to reprint or publish this content without following these terms.

Author: Richard N Williams
Article Source: EzineArticles.com

Choosing a NTP Server – Selecting the Best Timing Source For You

Posted by Richard N Williams | Posted in Security | Posted on 29-04-2010-05-2008


The NTP server is an integral part of the modern computer network. Without Network Time Protocol and NTP time servers, much of the modern functionality of computers that we take for granted, such as online reservations, Internet trading and satellite communication, would be impossible.

Synchronisation in computers is dealt with by NTP. NTP and NTP servers use a single time reference to synchronise all machines on a network to that time. This time reference could in fact be anything such as the time on a wrist watch perhaps. However, synchronisation is pointless unless a UTC (coordinated universal time) time source is used as UTC has been developed to allow the whole world to synchronise to the same time, allowing truly global synchronisation.

UTC is based on the time kept by atomic clocks, although compensation measures such as leap seconds are added to UTC to keep it in line with Greenwich Mean Time (GMT).

Atomic clocks are very expensive and extremely delicate pieces of equipment, and not the sort of thing that can be housed in the office server room. Fortunately, an NTP server can receive a UTC time source from several different places.

The Internet is perhaps the most widely used source of time references. Unfortunately, however, there are drawbacks in using the Internet as a timing source. Firstly, Internet timing sources can’t be authenticated; authentication is a security measure used by NTP to check that the timing source is genuine. Secondly, using an Internet timing reference means a hole has to be left open in the network’s firewall, again compromising security. Thirdly, Internet timing sources are notoriously inaccurate, and those that aren’t can often be too far away from a client to provide any useful precision.

However, if security and a high level of accuracy to UTC time are not required, then the Internet can provide a simple and affordable solution.

A far more secure method of receiving a UTC timing reference is to use the specialist national time and frequency transmissions broadcast by several countries. The UK (MSF), USA (WWVB), Germany (DCF) and Japan (JJY) all have a long-wave timing signal. While these signals are limited in range and strength, where available they make an ideal timing source, as the radio receiver can pick them up from inside a building. These transmissions can also be authenticated, providing a high level of security.

The third and perhaps simplest solution is to use a GPS NTP server. These use the signals sent by the Global Positioning System, which contain timing information. This is ideal, as the GPS signal can be received literally anywhere in the world, so if there is no radio transmission in your area the GPS network will provide a secure and authenticated solution.

The only downside to GPS is that the antenna has to have a good view of the sky and therefore needs to be positioned on the roof. This obviously has logistical drawbacks if the server room is in the basement of a skyscraper.

In selecting a timing source, the most important thing to remember is where the NTP server is going to be situated. If it is indoors and there is no opportunity to run an antenna to the roof, then the radio transmissions would be the best alternative. If there are no radio transmissions in your country or area, or the signals are blocked by local topography, then GPS is an ideal solution.

However, if accuracy and security are not an issue, then the Internet would be the most obvious solution.

Richard N Williams is a technical author and specialist in atomic clocks, telecommunications, NTP and network time synchronisation helping to develop dedicated NTP clocks. Please visit us for more information about a network time server or other ntp server solutions.

Author: Richard N Williams
Article Source: EzineArticles.com

Keeping Your Network Secure – Beginners Guide

Posted by Richard N Williams | Posted in Security | Posted on 15-03-2010-05-2008


Network security is vitally important for most business systems. Whilst email viruses and denial-of-service (DoS) attacks may cause us headaches on our home systems, for businesses these sorts of attacks can cripple a network for days, costing businesses hundreds of millions each year in lost revenue.

Keeping a network secure to prevent this type of malicious attack is usually of paramount importance for network administrators, and while most invest heavily in some form of security measures, there are often vulnerabilities inadvertently left exposed.

Firewalls are the best place to begin when you are trying to develop a secure network. A firewall can be implemented in either hardware or software, or, most commonly, a combination of both. Firewalls are used to prevent unauthorized users from accessing private networks connected to the Internet, especially local intranets. All traffic entering or leaving the intranet passes through the firewall, which examines each message and blocks those that do not meet the specified criteria.

Anti-virus software works in two ways. Firstly, it acts similarly to a firewall by blocking anything that is identified in its database as possibly malicious (viruses, Trojans, spyware etc.). Secondly, anti-virus software is used to detect and remove existing malware on a network or workstation.

One of the most overlooked aspects of network security is time synchronization. Network administrators often fail to realise the importance of synchronization between all devices on a network, and failing to synchronize a network is a common security issue. Not only can malicious users take advantage of computers running at different times, but if a network is struck by an attack, identifying and rectifying the problem can be near impossible if every device is running on a different time.

Even when a network administrator is aware of the importance of time synchronization, they often make a common security mistake when attempting to synchronize their network. Instead of investing in a dedicated time server that receives a secure source of UTC (Coordinated Universal Time) from outside their network, using atomic clock sources such as GPS, some network administrators opt for a shortcut and use a source of Internet time.

There are two major security issues in using the Internet as a time server. Firstly, to allow the time code through the network, a UDP port (123) has to be left open in the firewall. This can be taken advantage of by malicious users, who can use this open port as an entrance to the network. Secondly, the inbuilt security measure used by the time protocol NTP, known as authentication, doesn’t work across the Internet, which means that NTP has no guarantee the time signal is coming from where it is supposed to.

To ensure your network is secure isn’t it time you invested in an external dedicated NTP time server?

Richard N Williams is a technical author and specialist in atomic clocks, telecommunications, NTP and network time synchronisation helping to develop dedicated NTP clocks. Please visit us for more information about an NTP server or other NTP time server solution.

Author: Richard N Williams
Article Source: EzineArticles.com