Hackers and Time Servers
| By Richard N Williams
Computer hacking is a common subject in the news. Some of the biggest companies have fallen victim to hackers, and for a myriad of reasons. Protecting computer networks from invasion from malicious users is an expensive and sophisticated industry as hackers use many methods to invade a system.
Various forms of security exist to defend against unauthorised access to computer networks such as antivirus software and firewalls.
One area often overlooked, however, is where a computer network gets it source of time from, which can often be a vulnerable aspect to a network and a way in for hackers.
Most computer networks use NTP (Network Time Protocol) as a method of keeping synchronised. NTP is excellent at keeping computers at the same time, often to within a few milliseconds, but is dependent on a single source of time.
Because computer networks from different organisations need to communicate together, having the same source of time makes sense, which is the reason most computer networks synchronise to a source of UTC (Coordinated Universal Time).
UTC, the world’s global timescale, is kept true by atomic clocks and various methods of utilising UTC are available.
Quite often, computer networks use an internet time source to obtain UTC but this is often when they run into security issues.
Using internet time sources leave a computer network open to several vulnerabilities. Firstly, to allow access to the internet time source, a port needs keeping open in the system firewall (UDP 123). As with any open port, unauthorised users could take advantage of this, using the open port as a way into the network.
Secondly, if the internet time source itself if tampered with, such as by BGP injection (Border Gateway Protocol) this could lead to all sorts of problems. By telling internet time servers it was a different time or date, major havoc could ensue with data getting lost, system crashes—a type of Y2K effect!
Finally, internet time servers can’t be authenticated by NTP and can also be inaccurate. Vulnerable to latency and affected to distance, errors can also occur; earlier this year some reputable time servers lost several minutes, leading to thousands of computer networks receiving the wrong time.
To ensure complete protection, dedicated and external time servers, such as Galleon’s NTS 6001 are the only secure method of receiving UTC. Using GPS (or a radio transmission) an external NTP time server can’t be manipulated by malicious users, is accurate to a few milliseconds, can’t drift and is not susceptible to timing errors.