Cyber Attacks and the Importance Time Server Security
| By Richard N Williams
The media is full of stories of cyber terrorism, state sponsored cyber warfare and internet sabotage. While these stories may seem like they come from a science fiction plot, but the reality is that with so much of the world now dependent on computers and the internet, cyber attacks are a real concern for governments and businesses alike.
Crippling a website, a government server or tampering with systems like air-traffic control can have catastrophic effects—so no wonder people are worried. Cyber attacks come in so many forms too. From computer viruses and trojans, that can infect a computer, disabling it or transferring data to malicious users; distributed denial of service attacks (DDoS) where networks become clogged up preventing normal use; to border gateway protocol (BGP) injections, which hijack server routines causing havoc.
As precise time is so important for many technologies, with synchronisation crucial in global communication, one vulnerability that can be exploited is the online time server.
By sabotaging a NTP server (Network Time Protocol) with BGP injections, servers that rely on them can be told it’s a completely different time than it is; this can cause chaos and result in a myriad of problems as computers rely solely on time to establish if an action has or hasn’t taken place.
Securing a time source, therefore, is essential for internet security and for this reason, dedicated NTP time servers that operate externally to the internet are crucial.
Receiving time from the GPS network, or radio transmissions from NIST (National Institute for Standards and Time) or the European physical laboratories, these NTP servers can’t be tampered with by external forces, and ensure that the network’s time will always accurate.
All essential networks, from stock exchanges to air traffic controllers, utilise external NTP servers for these security reasons; however, despite the risks, many businesses still receive their time code from the internet, leaving them exposed to malicious users and cyber attacks.