Dangers of Free Time
We are all looking for freebies, particularly in the present financial climate and the internet is not short of them. Free software, free films, free music, almost everything these days has a free version. Even critical applications for our computers and networks such as anti-virus can come free. So it is understandable that when network administrators want to synchronize the time on computer networks they turn to free sources of UTC time (UTC – Coordinated Universal Time) to synchronize their networks using the operating systems’ own inbuilt NTP server.
However, just as there is no such thing as a free lunch, free time sources come with a cost too. To start with all time servers on the internet that are available for the public to use are stratum 2 servers. This means they are devices that receive the time from another device (a stratum 1 time server) that gets it from an atomic clock. While this second hand time source shouldn’t lose too much time compared to the original, for high levels of accuracy there will be a noticeable drift.
Furthermore, internet time sources are based outside the network firewall. For access to the time server a UDP port needs to be left open. This will mean the network firewall will intrinsically have a hole in it which could be manipulated y a malicious user or aggressive malware.
Another consideration is the inbuilt security that the time transfer protocol NTP (Network Time Protocol) uses to assess the time signal it receives is genuine. This is referred to as authentication but is unavailable across the internet. Meaning the time source may not be what it claims to be and with a hole in the firewall it could result in a malicious attack.
Internet time sources can also be unreliable. Many are too far from clients to provide any real accuracy some time sources available on the internet are wildly out (some by hours not just minutes). There are however, more reputable stratum 2 servers available and the NTP pool has details of those.
For real accuracy with none of the security threats the best solution is to use an external time source. The best method for doing this is to utilise a dedicated NTP server. These devices work exterior to the firewall and receive the time either direct from GPS satellites or via broadcasts by national physics labs such as NIST or NPL.