Category: network security

Auditable Time Synchronization with an NTP Server

  |   By

Time synchronization is crucial for many modern applications. Whilst computer networks all have to be running in perfect time to prevent errors and ensure security other systems require time synchronization for legal reasons.

Average speed cameras, traffic light cameras, CCTV, parking meters and alarm systems to name but a few, all require accurate time synchronization not just to ensure the correct operation of the systems but also to provide an auditable and legal trail for use in prosecutions.

Failure to do so can lead to the system being completely useless as any legal case based around the technology would need to be provable.

For instance, a CCTV network that is not synchronized would not be admissible in court, a defendant could easily claim that an image of them on a camera could not be them as they were not in the vicinity at the time and unless the camera system can be audited and proved to be accurate then reasonable doubt would see any case against the suspect dropped.

For this reason, systems like those mentioned above require complete auditable time synchronisation that can be proven beyond reasonable doubt in a court system.

An auditable system of time synchronization is only possible by using a dedicated NTP time server (Network Time Protocol). NTP servers not only provide an accurate method of synchronization being accurate to a few milliseconds they also provide a full audit trail that can’t be disputed.

NTP server systems use the GPS network or specialist radio transmissions to receive the atomic clock time which is so accurate the chance of it being even a second out from UTC time (Universal Coordinated Time) is over 3 billion to one which is even greater than the accuracy of other legal evidences such as DNA.

When Time is Money Accuracy Matters

  |   By

We live in a fast paced world where time matters. In some industries even a second can make all the difference. Millions of dollars are exchanged hands in the stock exchange each second and share prices can rise or plummet.

Getting the right price at the right time is essential for trading in such a fast paced money market and perfect network time synchronization is the essential to be able to make that happen.

Ensuring every machine that deals in stocks, shares and bonds has the correct time is vital if people are going to trade in the derivatives market but when traders are sat in different parts of the world how can this possibly be achieved.

Fortunately Coordinated Universal Time (UTC), a global timescale developed after the development of atomic clocks, allows the same time to govern every trader, regardless of where they are in the world.

As UTC is based on atomic clock time and is kept accurate by a constellation of these clocks, it is high reliable and accurate. And industries like the stock exchange use UTC to govern the time on their computer networks.

Computer network time synchronization is achieved in computer networks by using the NTP server (Network Time Protocol). NTP servers receive a source of UTC from an atomic clock reference. This is either from the GPS network or through specialist radio transmissions (it is available through the internet too but is not as reliable).

Once received, the NTP server distributes the highly accurate time throughout the network, continually checking each device and workstation to ensure the clock is as precise as possible.

These network time servers can keep entire networks of hundreds and thousands of machines in perfect synchronization – to within a few milliseconds of UTC!

Configuring a Dedicated NTP Time Server on Windows 7

  |   By

Windows 7 is the very latest operating system from Microsoft. Replacing the rather disappointing Windows Vista, Windows 7 promises to correct the flaws that made its predecessor so unpopular.

One of the changes Windows 7 makes is that it automatically synchronizes the time using the Windows Time service located at windows.time.com. Whilst this is an accurate stratum 2 time server, managed by Microsoft, it can be changed for another source of Internet time. However, even Microsoft recommend that Internet time sources should not used for computer networks as they can’t be authenticated by the time protocol NTP (Network Time protocol). Furthermore, an internet time source needs a port left open in the firewall for the time signals to make it through. Any open port in a firewall can be used by a malicious user to gain access to the network.

For a secure, authenticated and accurate method of synchronizing a Windows 7 network, then it is wise to use a dedicated network time server. Most of these time servers use the protocol NTP (Network Time Protocol) which can easily distribute a single time server throughout a network of hundreds and even thousands of machines.

Time servers plug directly into the router/switch for the network or can be installed on a single machine. Rather than rely on the Internet for a source of time and risk leaving the firewalls UDP port open, dedicated NTP time servers use either the GPS signals or long wave radio broadcasts transmitted from national physics laboratories such as the MSF signal broadcast by the UK’s NPL and the USA WWVB signal broadcast by NIST.

As these signals are external to the firewall and are able to be authenticated by NTP to establish the authority of the signals and are a more accurate and secure method of synchronizing a Windows 7 network.

Why we Synchronize the Time

  |   By

We live and work in a totally different world to the one that many of us were born into. We are now as likely to buy something from across the internet as stroll down the coal high street. And big business and commerce has changed too with the marketplace becoming truly global and the internet being the most common tool for trade.

Trading globally does provide its problems though as different timescales govern the different countries across the globe. To ensure parity a global timescale was introduced in the 1970’s knows Coordinated Universal Time (UTC). However, as e-commerce advanced so did the need to ensure accurate synchronization to UTC.

The biggest problem is that most clocks and watches, including those inbuilt into computer motherboards, are susceptible to drift. And as different machines will drift at different rates, global communication and e-commerce could be impossible. Just think of the difference a second can make in marketplaces like the stock exchange, where fortunes are won or lost, or when you purchase seat reservations online, what would happen if somebody on a computer with slower clock booked the same seat after you, the computer’s timestamps will show the person booked before you.

Other unforeseen errors can result, even in internal networks, when computers are running different times. Data can get lost, errors can be difficult to log, track down and fix and malicious users can take advantage of the time confusion.

To ensure truly global synchronization, computer networks can synchronize to an atomic clock allowing all computers on a network o remain within a few milliseconds of UTC. Compute networks use NTP servers (Network Time Protocol) to ensure accurate synchronization, most NTP servers receive the atomic clock time from either GPS satellites of radio frequencies.

How Computers Keep Abreast of Time

  |   By

Time governs our lives and keeping abreast of it is vital if we want to get to work on time, make it home for dinner or watch our favourite shows of an evening.

It is also crucial for computer systems. Computers use time as a point of reference, indeed, time is the only point of reference it can use to distinguish between two events and it is crucial that computers operating in networks are synchronized together.

Time synchronization is when all computers that are connected together run the same time. Time synchronization, however, is not simple to implement, primarily because computers are not good time keepers.

We are all used to the time being displayed on the bottom right hand of our computer desktops but this time is normally generated by the onboard crystal oscillator (normally quartz) on the motherboard.

Unfortunately these onboard clocks are prone to drift and a computer clock may lose or gain a second or so each day. While this may not sound like much, it can soon accumulate and with some networks consisting of hundreds and even thousands of machines, if they are all running different times its not hard to imagine the consequences; emails may arrive before they are sent, data may fails to backup, files will get lost and the networks will be amass of confusion and nearly impossible to debug.

To ensure synchronization throughout a network all devices must connect to a single time source. NTP (Network Time Protocol) has been devised for this very purpose and can distribute a time source to all devices and ensure that any drift is countered.

For true accuracy the single time source should be a source of UTC (Coordinated Universal Time) which is a global timescale that is used across continents and pays no heed to timezones, this allows networks on opposite sides of the Earth to be synchronized together.

A source of UTC should also be governed by an atomic clock as any drift in the time will mean that your network will be out of sync with UTC. By far the easiest, most efficient, secure, accurate and reliable method of receiving an atomic clock source of UTC is to use a dedicated NTP time server. NTP servers receive the UTC time from either the GPS network (Global Positioning System) or from radio transmission broadcast by national physics laboratories such as NIST or NPL.

Seven Reasons why your Network needs a Time Server

  |   By

Time servers, often referred to as NTP time servers after the protocol (Network Time Protocol) used to distribute time are an increasingly important part of any computer network. The NTP server receives a timing signal from an accurate source (such as an atomic clock) and then distributes it to all devices on the network.

However, despite the increasing importance of these time synchronisation devices, many network administrators still fail to accurately synchronise their networks and can leave their entire computer system vulnerable.

Here are seven reasons why a NTP time server is a crucial piece of equipment for YOUR network:

• Security: NTP servers use an external source of time and don’t rely on an open firewall port. An unsynchronized server will also be vulnerable to malicious users who can take advantage of time differences.

• Error logging: failing to adequately synchronize a computer network may mean that it is near impossible to trace errors or malicious attack, especially if the times on the log files from different machine do not match.

• Legal Protection: Not being able to prove the time can have legal implications if somebody has committed fraud or other illegal activity against your company.

• Accuracy: NTP Time Servers ensure that all networked computers are synchronized automatically to the exact time throughout your network so everybody in your company can have access to the exact time.

• Global Harmony: A global timescale known as UTC (Coordinated Universal Time) has been developed to ensure that systems across the globe can run the exact same time. By utilising a NTP server not only will every device on you network be synchronised together but your network will be synchronised with every other network on Earth that is hooked up to UTC.

• Control: With a NTP server you have control of the configuration. You can allow automatic changes each spring and autumn for daylight saving time or set your server time to be locked to UTC time only – or indeed, any time zone you choose.

• Automatic update of time. No user intervention required, a NTP time server will account for leap seconds and time zones ensuring trouble free synchronisation.

Benefits of Accurate Network Time Synchronization

  |   By

Your computer probably does hundreds and thousands of tasks a day. If that is part of a network then the number of tasks could be millions. From sending emails to saving data, and everything else your computer is tasked to do, they are all logged by the computer or server.

Computers use timestamps to logo processes and indeed, timestamps are used as the only method a computer has to indicate when and if a task or application has been conducted. Timestamps are normally a 16 or 32 bit integer (one long number) that counts back the seconds from a prime epoch – normally 01 January 1970.

So for every task you computer does it will be stamped with the number of seconds from 1970 that the transaction was conducted. These timestamps are the only piece of information a computer system has to ascertain what tasks have been completed and what tasks have yet to be instigated.

The problem with computer networks of more than one machine is that the clocks on individual devices are not accurate enough for many modern time sensitive applications. Computer clocks are prone to drift they are typically based on inexpensive crystal oscillator circuits and can often drift by over a second a day.

This may not seem much but in today’s time sensitive world a second can be a long time indeed especially when you take into account the needs of industries like the stock exchange where a second can be the difference in price of several percent or online seat reservation, where a second can make the difference between an available seat and one that is sold.

This drift is also accumulative so within only a few months the computer systems could be over a minute out of sync and this can have dramatic effects on time sensitive transactions and can result in all sorts of unexpected problems from emails not arriving as a computer thinks they have arrived before they have been sent to data not being backed up or lost completely.

A NTP time server or network time server are increasingly becoming crucial pieces of equipment for the modern computer network. They receive an accurate source of time from an atomic clock and distribute it to all devices on the network. As atomic clocks are incredibly accurate (they won’t drift by a second even in a 100,000 years) and the protocol NTP (Network Time Protocol) continually checks the devices time against the master atomic clock time – it means the computer network will be able to run perfectly synchronised with each device within a few milliseconds of the atomic clock.

Closed Circuit Cameras are Useless Without a Network Time Server

  |   By

For those of us that live in Britain, the CCTV camera (closed circuit TV) will be a familiar site on the high streets. Over four million cameras are in operation throughout the British Isles with every major city being monitored by state funded cameras which has cost the British taxpayer over £200 million ($400 million).

The reasons for use of such widespread surveillance have always been declared as to prevent and detect crime. However, critics argue that there is little evidence that CCTV cameras have done anything to dent the rising street crime on the UK’s streets and that the money could be better well spent.

One of the problems of CCTV is that many cities have both cameras controlled by local councils and privately controlled cameras. When it comes to crime detection the police often have to obtain as much evidence as possible which often means combining the different local authority controlled CCTV cameras with the privately controlled systems.

Many local authorities synchronise their CCTV cameras together, however, if the police have to obtain images from a neighbouring borough or from a private camera these may not be synchronised at all, of if so, synchronised to a different time completely.

This is where CCTV falls down in the fight against crime. Just imagine a suspected criminal is spotted on one CCTV camera committing a criminal act. The time on the camera could say 11.05pm but what if the police follow the suspects movements across a city and use footage from a privately owned camera or from other boroughs and while the CCTV camera that caught the suspect in the act may say 11.05, the other camera could spot the suspect minutes later only for the time to be even earlier. You could imagine a good defence lawyer taking full advantage of this.

To ensure their worth in the fight against crime, it is imperative that CCTV cameras are time synchronized using a network time server. These times servers ensure every device (in this case camera) is running the exact same time. But how do we ensure all cameras are synchronised to the same time source. Well fortunately, a global time source known as UTC (coordinated Universal Time) has been developed for this exact purpose. UTC is what governs computer networks, air traffic control and other time sensitive technologies.

A CCTV camera using a NTP server that receives a UTC time source from an atomic clock will not only be accurate but the time told on the devices will be provable in court and accurate to a thousandth of a second (millisecond).

Keeping Your Network Secure A Beginners Guide

  |   By

Network security is vitally important for most business systems. Whilst email viruses and denial-of-service attacks (DoS attack) may cause us headaches on our home systems, for businesses, these sorts of attacks can cripple a network for days – costing businesses hundreds of millions each year in lost revenue.

Keeping a network secure to prevent this type of malicious attack is usually of paramount importance for network administrators, and while most invest heavily in some forms of security measures there is often vulnerabilities inadvertently left exposed.

Firewalls are the best place to begin when you are trying to develop a secure network. A firewall can be implemented in either hardware or software, or most commonly a combination of both. Firewalls are used to prevent unauthorized users from accessing private networks connected to the Internet, especially local intranets. All traffic entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified criteria.

Anti-virus software works in two ways. Firstly it acts similarly to a firewall by blocking anything that is identified in its database as possibly malicious (viruses, Trojans, spyware etc). Secondly Anti-virus software is used to detect, and remove existing malware on a network or workstation.

One of the most over-looked aspects of network security is time synchronization. Network administrators either fail to realise the importance of synchronization between all devices on a network. Failing to synchronize a network is often a common security issue. Not only can malicious users take advantage of computers running at different times but if a network is struck by an attack, identifying and rectifying the problem can be near impossible if every device is running on a different time.

Even when a network administrator is aware of the importance of time synchronization they often make a common security mistake when attempting to synchronize their network. Instead of investing in a dedicated time server that receives a secure source of UTC (Coordinated Universal Time) externally from their network using atomic clock sources like GPS, some network administrators opt to use a shortcut and use a source of Internet time.

There are two major security issues in using the Internet as a time server. Firstly, to allow the time code through the network a UDP port (123) has to be left open in the firewall. This can be taken advantage of by malicious users who can use this open port as an entrance to the network. Secondly, the inbuilt security measure used by the time protocol NTP, known as authentication, doesn’t work across the Internet which means that NTP has no guarantee the time signal is coming from where it is supposed to.

To ensure your network is secure isn’t it time you invested in an external dedicated NTP time server?

Parking Tickets and the NTP Server

  |   By

There is nothing worse than returning to your car only to discover that your parking meter time limit has expired and you’ve got a parking ticket slapped on to your windscreen.

More-often-than-not it’s only a matter of being a couple of minutes late before an over eager parking attendant spots your expired meter or ticket and issues you a fine.

However, as the people of Chicago are discovering, whilst a minute may be the difference between getting back to the car in time or receiving a ticket, a minute may also be the difference between different parking meters.

It seems the clocks on the 3000 new parking meter pay boxes in Cale, Chicago have been discovered to be unsynchronized. In fact, of the nearly 60 pay boxes observed, most are off at least a minute and in some cases, nearly 2 minutes from what is “actual” time.

This has posed a headache to the firm in charge of parking in the Cale district and they could face legal challenges from the thousands of motorists that have been given tickets from these machine.

The problem with the Cale parking system is that while they claim they regularly calibrate their machine there is no accurate synchronization to a common time reference. In most modern applications UTC (Coordinated Universal Time) is used as a base timescale and to synchronize devices, like Cale’s parking meters, a NTP server, linked to an atomic clock will receive UTC time and ensure every device has the exact time.

NTP servers are used in the calibration of not just parking meters but also traffic lights, air traffic control and the entire banking system to name but a few applications and can synchronize every device connected to it to within a few milliseconds of UTC.

It’s a shame Cale’s parking attendants didn’t see the value of of a dedicated NTP time server – I’m sure they are regretting not having one now.