Network Time Protocol Security

The protocol used by most network time servers is NTP (Network Time Protocol). It has been around for quite a long time, yet it is constantly being updated and developed, offering ever higher levels of accuracy and security.

Synchronisation is an essential part of modern computer networks and is essential for keeping a system secure. Without NTP and time synchronisation a computer network can be vulnerable to malicious attacks and even fraud.

Even with a perfectly synchronised network, security can still be an issue, but there are a few key steps that can be taken to ensure your network is kept secure.

Always use a dedicated Network Time Server. Whilst Internet time sources are commonplace, they are a time source situated outside the firewall. This has obvious security drawbacks, as a malicious user can take advantage of the ‘hole’ left in your firewall to communicate with the NTP server. A dedicated NTP server will receive a time signal from an external source.

Normally these types of dedicated time servers will utilise either the GPS network (Global Positioning System) or specialist national time and frequency radio transmissions. Both these time sources offer an accurate and reliable method of UTC time (coordinated universal time) whilst also being secure.

Another way to ensure security is to take advantage of NTP’s built-in security mechanism – authentication. Authentication is a set of encrypted keys that are used to establish if the time source is coming from where it is claiming to come from.

Authentication verifies that each timestamp has come from the intended time reference by analysing a set of agreed encryption keys that are sent along with the time information. NTP, using Message Digest encryption (MD5) to un-encrypt the key, analyses it and confirms whether it has come from the trusted time source by verifying it against a set of trusted keys.

Trusted authentication keys are listed in the NTP server configuration file (ntp.conf) and are stored in the ntp.keys file. The key file is normally very large, but trusted keys tell the NTP server which subset of keys is currently active and which are not. Different subsets can be activated without editing the ntp.keys file using the trusted-keys config command.

Authentication is highly important in protecting an NTP server from malicious attack; however, Internet time sources can’t be authenticated, which doubles the risk of using an Internet-based time reference.

Next Generation of Atomic Clocks Accurate to a Second in 200 Million Years

Atomic clocks have been around since the 1950s. They have provided incredible accuracy in timekeeping, with most modern atomic clocks not losing a second in time in a million years.

Thanks to atomic clocks many technologies have become possible and have changed the way we live our lives. Satellite communication, satellite navigation, internet shopping and network communication are only possible thanks to atomic clocks.

Atomic clocks are the basis for the world’s global timescale Universal Coordinated Time (UTC) and are the reference that many computer networks use as a time source to distribute amongst their devices using NTP (Network Time Protocol) and a time server.

Atomic clocks are based on the atom caesium-133. This element has traditionally been used in atomic clocks as its resonance, or vibrations during a particular energy state, is extremely high (over 9 billion) and can therefore provide high levels of accuracy.

However, new types of atomic clocks are on the horizon that will boast even more accuracy with the next generation of atomic clocks neither gaining nor losing a second in 200 million years.

The next generation of atomic clocks no longer relies on the caesium atom but uses elements such as mercury or strontium, and instead of using microwaves, as the caesium clocks do, these new clocks use light, which has higher frequencies.

Strontium’s resonance also exceeds 430 trillion, which is vastly superior to the 9.2 billion vibrations that caesium manages.

Currently atomic clocks can be utilised by computer systems by using either a radio or GPS clock or dedicated NTP time server. These devices can receive the time signal transmitted by atomic clocks and distribute them amongst network devices and computers.

However, the National Institute for Standards and Technology (NIST) have revealed a miniature atomic clock that measures just 1.5 millimetres on a side and about 4 millimetres tall. It consumes less than 75 thousandths of a watt, and has a stability of about one part in 10 billion, equivalent to a clock that would neither gain nor lose more than a second in 300 years.

In the future these devices could be integrated into computer systems, replacing the current real time clock chips, which are notoriously inaccurate and can drift.

Time Server Top Tips for Time Synchronisation

Time synchronisation is an integral part of modern computer networking particularly with the Internet and online communication having become so dominant.

Communicating with machines across the globe requires exact time synchronisation otherwise many of the online tasks we take for granted would not be possible. Time in the form of timestamps is the only form of reference a computer has to identify the order of events. So with time sensitive transactions time synchronisation is pivotal.

Here are some tips to ensure your network is running as precise and accurate a time as possible:

NTP (Network Time Protocol) is the world’s leading time synchronisation software. There are other time protocols but NTP is the most widely used and best supported.

Most computer networks across the globe are synchronised to UTC (Coordinated Universal Time). This is a global timescale based on the time told by atomic clocks. Always use a UTC source to synchronise to.

Always use an external hardware source as a timing reference, as time sources from the Internet cannot be authenticated. Authentication is a security measure used by NTP to ensure a timing reference is coming from where it says it is from. Also, using an Internet timing source means that the reference is outside your network’s firewall; this can cause added security risks.

Dedicated time servers can receive UTC signals from radio transmissions and the GPS network. These offer the most secure, accurate and reliable method of receiving a UTC time reference.

Networks based in Britain, Germany, the USA and Japan have access to long-wave time and frequency transmissions that are broadcast by national physics labs. These broadcasts are accurate and reliable and often the dedicated time servers that receive them are less expensive than their GPS alternatives.

GPS is available everywhere on the globe as a source of UTC time. GPS antennas do need a good 180 degree view of the sky and require a good 48 hours to receive a stable ‘locked’ satellite fix.

Arrange your network into strata. Stratum levels signify the distance from a timing source. A stratum 0 server is an atomic clock while a stratum 1 server is a dedicated time server that receives the time from a stratum 0 source. Stratum 2 devices are machines that receive their timing source from a stratum 1 server but stratum 2 devices can also be used to pass on timing information. By ensuring you have enough stratum levels you will avoid congestion in your network and time server.

UTC Radio References from Around the World

UTC (Coordinated Universal Time) is the global civil timescale used by millions of people, businesses and authorities across the globe. UTC is based on the time told by caesium atomic clocks. These clocks are the most reliably accurate chronometers on Earth, able to maintain accurate time for several millions of years whilst neither losing nor gaining a second.

Unfortunately caesium clocks are far too expensive and delicate pieces of machinery to make it practical for us all to have one, but fortunately the time that they tell is transmitted by several countries. These nations’ national physics laboratories tend to broadcast the UTC time from these clocks by long-wave.

In the UK the 60 kHz transmission is broadcast by the National Physical Laboratory from a transmitter in Anthorn in Cumbria (it was based in Rugby until 2007). NPL constantly maintain the transmissions and assess their accuracy. Whilst the MSF signal is a British-based transmission, it is possible to receive the signal in some parts of northern Europe and Scandinavia.

However, in mainland Europe, the strongest time and frequency signal is the German transmission broadcast from Frankfurt in Germany. This signal known as the DCF is controlled and maintained by the German National Physics Laboratory. While Switzerland also has its own time and frequency signal, the German DCF signal is by far the most widely used in Europe.

In the USA a similar system is maintained by NIST (National Institute of Standards and Technology) and is broadcast from Fort Collins, Colorado. This signal is known as WWVB and is available in most parts of Northern America (including Canada).

Japan also maintains its own timing broadcast (JJY), which is popular in the South Pacific, and several other countries (such as France) maintain their own signals too, although these tend to have only minor coverage.

All these time signals operate in a similar fashion. The strength of the signal is either reduced by between 6 and 10 dB or switched off for a specific amount of time before being restored at the start of each second. The amount of time the signal is reduced indicates a stream of binary numbers with positioning markers.
The signals operate on a 60 kHz frequency and carry a time and date code which relays the following information in binary format: year, month, day of month, day of week, hour, minute, DUT1 (the difference between UTC and UT1, which is based on the Earth’s rotation). The signals also relay information about local time such as British Summer Time.

How to Configure an Authoritative Time Server in Windows Server 2008

Time synchronisation in modern computer networks is essential. All computers need to know the time, as many applications, from sending an email to storing information, are reliant on the PC knowing when the event took place.

Microsoft Windows Server from 2000 onwards has a time synchronisation utility built into the operating system called Windows Time (w32time.exe) which can be configured to operate as a network time server.

Windows Server 2008 can easily set the system clock to use UTC (Coordinated Universal Time, the World’s time standard) by accessing an Internet source (either: time.windows.com or time.nist.gov).

To achieve this, a user merely has to double click the clock on their desktop and adjust the settings in the Internet Time tab.

It must be noted however, that Microsoft and other operating system manufacturers strongly advise that external timing references should be used as Internet sources can’t be authenticated.

To configure the Windows Time service to use an external time source, click Start, Run and type regedit then click OK.

Locate the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
In the right pane, right-click Type then click Modify, in edit Value type NTP in the Value data box then click OK.

Locate the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags.
In the right pane, right-click AnnounceFlags and click Modify. The ‘AnnounceFlags’ registry entry indicates whether the server is a trusted time reference, 5 indicates a trusted source so in the Edit DWORD Value box, under Value Data, type 5, then click OK.

Network Time Protocol (NTP) is an Internet protocol used for the transfer of accurate time, providing time information along so that a precise time can be obtained.
To enable the Network Time Protocol; NTPserver, locate and click:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\
In the right pane, right-click Enabled, then click Modify.

In the Edit DWord Value box, type 1 under Value data, then click OK.

Now go back and click on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer
In the right pane, right-click NtpServer, then Modify. In the Edit DWORD Value box, under Value Data, type the Domain Name System (DNS) names; each DNS name must be unique and you must append 0x1 to the end of each DNS name, otherwise changes will not take effect.

Now click Ok.

Locate and click the following
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
In the right pane, right-click SpecialPollInterval, then click Modify.

In the Edit DWORD Value box, under Value Data, type the number of seconds you want for each poll, ie 900 will poll every 15 minutes, then click OK.
To configure the time correction settings, locate:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\config
In the right pane, right-click MaxPosPhaseCorrection, then Modify, in the Edit DWORD Value box, under Base, click Decimal, under Value Data, type a time in seconds such as 3600 (an hour) then click OK.
Now go back and click:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\config
In the right pane, right-click MaxNegPhaseCorrection, then Modify.

In the Edit DWORD box, under Base, click Decimal; under Value Data, type the time in seconds you want to poll, such as 3600 (polls in one hour).
Exit Registry Editor
Now, to restart windows time service, click Start, Run (or alternatively use the command prompt facility) and type:

net stop w32time && net start w32time
And that’s it: your time server should now be up and running.

Windows Time Server Synchronising Your Network With NTP

Nearly all of a computer’s activity involves time. Whether logging a timestamp for when a network was accessed or sending an email, knowing the time is crucial for computer applications.

All computers have an on-board clock that provides time and date information. These Real Time Clock (RTC) chips are battery backed so that even when off they can maintain time, however these RTC chips are mass produced and cannot maintain accurate time and tend to drift.

For many applications this can be quite adequate; however, if a computer is on a network and needs to talk to other machines, failing to be synchronised to the correct time can mean many time-sensitive transactions cannot be completed and can even leave the network open to security threats.

All versions of Windows Server since 2000 have included a time synchronization facility, called Windows Time Service (w32time.exe), built into the operating system. This can be configured to operate as a network time server synchronizing all machines to a specific time source.

Windows Time Service uses a version of NTP (Network Time Protocol), normally a simplified version of the Internet protocol, which is designed to synchronise machines on a network. NTP is also the standard that most computer networks across the globe use to synchronise with.

Choosing the correct time source is vitally important. Most networks are synchronized to a UTC (Coordinated Universal Time) source. UTC is a global standardized time based on atomic clocks, which are the most accurate time sources.

UTC can be obtained over the Internet from such places as time.nist.gov (US Naval Observatory) or time.windows.com (Microsoft), but it must be noted that Internet time sources cannot be authenticated, which can leave a system open to abuse. Microsoft and others advise using an external hardware source as a reference clock, such as a specialized NTP server.

NTP servers receive their time source either from a specialist radio transmission from national physics laboratories, which broadcast UTC time taken from an atomic clock source, or from the GPS network, which also relays UTC as a consequence of needing it to pinpoint locations.

NTP can maintain time over the public Internet to within 1/100th of a second (10 milliseconds) and can perform even better over LANs.

Keeping accurate time on Linux

If you want to be sure that your computer clock is accurate you can configure your system to use NTP (Network Time Protocol), one of the oldest Internet protocols and the industry standard for time synchronisation.

NTP will synchronise your computer’s clock to a pool of time servers around the world that are official ‘timekeepers’. It is best to choose the closest to you so response time is minimized and to use more than one in case one goes down. There are more than 1,500 servers to choose from, but some areas are better served than others. Many servers on the Internet are extremely inaccurate and Internet time references should not be used as a replacement for a dedicated time server.

However, for basic time synchronisation purposes, Internet providers will suffice. The first step should be to select three servers close to you – preferably in your country, or if there aren’t enough, in your ‘zone’. Go to ntp home and browse through the tree of zones and servers to select which ones are best for you. Then follow these commands to configure:

1. Configure /etc/ntp.conf
Edit this file with a text-editor. Replace
server <example-server-name>
with your servers, such as:

server 0.br.pool.ntp.org
server 1.br.pool.ntp.org
server 2.br.pool.ntp.org

2. Synchronise your clock manually
If your clock is drifting too much, NTP might refuse to synchronise it, but it can be done manually:

ntpdate 0.br.pool.ntp.org (server name that you choose)

3. Make your ntp daemon executable

chmod +x /etc/rc.d/rc.ntpd

4. Start NTP now without rebooting
Again, a simple command:

/etc/rc.d/rc.ntpd start

Basic Time Server Information

All PCs and networking devices use clocks to maintain an internal system time. These clocks, called Real Time Clock chips (RTC), provide time and date information. The chips are battery backed so that even during power outages, they can maintain time.

Computer networks rely on timekeeping for nearly all their applications; from sending an email to saving data, a timestamp is necessary for a computer to keep track. All routers and switches need to run at the same rate; out-of-sync devices can lead to data being lost and even entire connections.

For some transactions it is necessary for computers to be perfectly synchronised. Even a few seconds’ difference between machines can have serious effects, such as finding an airline ticket you had booked had been sold moments later to another customer, or you could draw your savings out of a cash machine and, when your account is empty, quickly go to another machine and withdraw it all again.

However, personal computers are not designed to be perfect clocks; their design has been optimized for mass production and low cost rather than maintaining accurate time. These internal clocks are prone to drift, and although for many applications this can be quite adequate, often machines need to work together on a network; if the computers drift at different rates they will become out of sync with each other and problems can arise, particularly with time-sensitive transactions.

Time servers are like other computer servers in the sense they are usually located on a network. A time server gathers timing information, usually from an external hardware source and then synchronises the network to that time.

Most time servers use NTP (Network Time Protocol), which is one of the Internet’s oldest protocols still used. Invented by Dr David Mills from the University of Delaware, it has been in use since 1985. NTP is a protocol designed to synchronize the clocks on computers and networks across the Internet or Local Area Networks (LANs).

NTP utilises an external timing reference and then synchronises all devices on the network to that time.

There are various sources that an NTP time server can use as a timing reference. The Internet is an obvious source; however, timing references from the Internet such as nist.gov and windows.time cannot be authenticated, leaving the time server and therefore the network vulnerable to security threats.

Often time servers are synchronised to a UTC (Coordinated Universal Time) source, which is the global standard time scale and allows computers all over the world to be synchronised to exactly the same time. This has obvious importance in industries where exact timing is crucial, such as the stock exchange or airline industry.

UTC A global Timescale

Coordinated Universal Time (UTC – from the French Temps Universel Coordonné) is an international timescale based on the time told by atomic clocks. Atomic clocks are accurate to within a second in several million years. They are so accurate that International Atomic Time, the time relayed by these devices, is even more accurate than the spin of the Earth.

The Earth’s rotation is affected by the gravity of the moon and can therefore slow or speed up. For this reason, International Atomic Time (TAI, from the French Temps Atomique International) has to have ‘leap seconds’ added to keep it in line with the original timescale GMT (Greenwich Mean Time), also referred to as UT1, which is based on solar time.

This new timescale known as UTC is now used all over the world allowing computer networks and communications to be conducted at opposite sides of the globe.

UTC is governed not by an individual country or administration but a collaboration of atomic clocks all over the world which ensures political neutrality and also added accuracy.

UTC is transmitted in numerous ways across the globe and is utilised by computer networks, airlines and satellites to ensure accurate synchronisation no matter what the location on the Earth.

In the USA NIST (National Institute of Standards and Technology) broadcast UTC from their atomic clock in Fort Collins, Colorado. The National Physics Laboratories of the UK and Germany have similar systems in Europe.

The internet is also another source of UTC time. Over a thousand time servers across the web can be used to receive a UTC time source, although many are not precise enough for most networking needs.

Another secure and more accurate method of receiving UTC is to use the signals transmitted by the USA’s Global Positioning System. The satellites of the GPS network all contain atomic clocks that are used to enable positioning. These clocks transmit the time, which can be received using a GPS receiver.

Many dedicated time servers are available that can receive a UTC time source from either the GPS network or the National Physics Laboratory’s transmissions (all of which are broadcast at 60 kHz longwave).

Most time servers use NTP (Network Time Protocol) to distribute and synchronise computer networks to UTC time.

Network Time Protocol (NTP), Understanding Synchronisation.

Network Time Protocol seems to have been around forever. In fact it is one of the Internet’s oldest protocols, having been developed in the 1980s by Professor David Mills and his team from Delaware University.

In a laid-back world it perhaps doesn’t matter if computer networks are not synchronised. The only consequences of timing errors could be that an email arrives before it was sent but in industries such as airline seat reservation, the stock exchange or satellite communication, fractions of a second can cause serious errors such as selling seats more than once, the loss of millions of dollars or even fraud.

Computers are logical machines, and as time is linear to a computer, any event that happens on one machine must happen before news of that event reaches another. When networks are not synchronised, computers struggle to deal with events that have obviously occurred (such as an email being sent) but which, according to their clock and timestamp, have not happened yet. Just think back to the millennium bug, where it was feared clocks would jump back to 1900!

For this very reason NTP was developed. NTP uses an algorithm (Marzullo’s algorithm) to synchronise the time, and the current version of NTP can maintain time over the public Internet to within 10 milliseconds and can perform even better over LANs. NTP time servers work within the TCP/IP suite and rely on UDP (User Datagram Protocol).

NTP servers are normally dedicated NTP devices that use a single time reference to synchronise a network to. This time reference is most often a UTC (Coordinated Universal Time) source. UTC is a global time scale distributed by atomic clocks via the Internet, specialist long wave radio transmissions or via the GPS (Global Positioning System) network.

The NTP algorithm uses this time reference to determine the amount to advance or retreat the system or network clock. NTP analyses the timestamp’s values, including the frequency of errors and its stability. An NTP server will maintain an estimate of the quality of both the reference clocks and itself.
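
Marzullo's algorithm, named above, as an added example (not NTP's own code; NTP's selection step is a refinement of it). Each source is assumed to report an offset with an error bound, the server labels and readings are constructed, and a source whose interval falls outside the majority overlap is flagged as a likely faulty or spoofed clock.

```python
from typing import NamedTuple


class Sample(NamedTuple):
    source: str       # hypothetical server label
    offset_ms: float  # clock offset measured against this source
    error_ms: float   # half-width of the uncertainty around that offset


# Constructed readings: three sources roughly agree, one is far off.
SAMPLES = [
    Sample("ts-a.example", 12, 4),   # interval [8, 16]
    Sample("ts-b.example", 10, 3),   # interval [7, 13]
    Sample("ts-c.example", 11, 2),   # interval [9, 13]
    Sample("ts-d.example", 250, 5),  # interval [245, 255]
]


def marzullo(samples):
    """Return (lo, hi, count): the interval shared by the most sources."""
    edges = []
    for s in samples:
        edges.append((s.offset_ms - s.error_ms, -1))  # interval opens
        edges.append((s.offset_ms + s.error_ms, +1))  # interval closes
    # Tuples sort by value, then opens (-1) before closes (+1), so intervals
    # that merely touch still count as overlapping.
    edges.sort()
    best = count = 0
    lo = hi = None
    for i, (value, kind) in enumerate(edges):
        count -= kind
        if count > best:
            # A new maximum is always reached on an opening edge, so a
            # following edge exists and marks where this overlap ends.
            best, lo, hi = count, value, edges[i + 1][0]
    return lo, hi, best


def classify(samples):
    """Split sources into those inside and outside the majority overlap."""
    if not samples:
        raise ValueError("no samples")
    lo, hi, agree = marzullo(samples)
    inside, outside = [], []
    for s in samples:
        overlaps = (s.offset_ms - s.error_ms <= hi
                    and s.offset_ms + s.error_ms >= lo)
        (inside if overlaps else outside).append(s.source)
    return {
        "interval": (lo, hi),
        "estimate": (lo + hi) / 2,
        "agree": agree,
        # Without a strict majority the result should not be trusted.
        "majority": agree > len(samples) / 2,
        "truechimers": inside,
        "falsetickers": outside,
    }


if __name__ == "__main__":
    for key, value in classify(SAMPLES).items():
        print(f"{key:13s} {value}")
```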

NTP is hierarchical. The distance from the timing reference is divided into strata. Stratum 0 is the atomic clock reference; Stratum 1 is the NTP server, while Stratum 2 is a server that receives timing information from the NTP server. NTP can support almost limitless strata although the further away from the timing reference you go the less accurate it will be.

As each stratum level can both receive and send timing signals, the advantage of this hierarchical system is that thousands of machines can be synchronised with only the need for one NTP server.

NTP contains its own security measure called authentication. Authentication verifies that each timestamp has come from the intended time reference by analysing a set of encryption keys that are sent with the time reference. NTP analyses it and confirms whether it has come from the time source by verifying it against a set of trusted keys in its configuration files.

However, authentication is unavailable from timing sources from across the Internet which is why Microsoft and Novell amongst others strongly recommend only external time references are used such as a dedicated GPS NTP server or one that receives the national time and frequency long wave transmission.
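
The authentication check described above, and in the Network Time Protocol Security article at the top of this page, sketched as an added example (not code from NTP or from this site). It assumes the symmetric-key scheme in which the time packet travels in the clear and is followed by a key ID and an MD5 digest of the shared secret plus the packet; the keys, trusted set and packet are constructed.

```python
import hashlib
import hmac
import struct

# Constructed ntp.keys-style content (key ID, type, secret); not real keys.
NTP_KEYS_TEXT = """\
# id  type  secret
1     M     constructed-key-one
2     M     constructed-key-two
3     M     constructed-key-three
"""

# Constructed stand-in for the subset of key IDs marked trusted in ntp.conf.
TRUSTED_KEY_IDS = {1, 3}

NTP_HEADER_LEN = 48   # fixed-size NTP header
MAC_LEN = 4 + 16      # 32-bit key ID followed by a 128-bit MD5 digest


def load_keys(text):
    """Parse 'id type secret' lines, skipping blanks and comments."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key_id, key_type, secret = line.split(None, 2)
        if key_type.upper() in ("M", "MD5"):
            keys[int(key_id)] = secret.encode("ascii")
    return keys


def sign(header, key_id, keys):
    """Append the key ID and MD5(secret || header) to a 48-byte header."""
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys, trusted):
    """Return (ok, reason) for a received packet."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "no MAC present"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return False, "unknown key ID"
    if key_id not in trusted:
        return False, "key ID not trusted"
    expected = hashlib.md5(keys[key_id] + header).digest()
    # Constant-time comparison so the check does not leak digest bytes.
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "authenticated"


def demo():
    keys = load_keys(NTP_KEYS_TEXT)
    # Constructed server reply: LI=0, VN=4, mode=4, stratum 1, rest zeroed.
    header = bytes([0x24, 1, 6, 0xEC]) + bytes(44)
    good = sign(header, 1, keys)
    # Same MAC, but one byte of the transmit timestamp changed in transit.
    tampered = bytearray(good)
    tampered[40] ^= 0x01
    return {
        "good": verify(good, keys, TRUSTED_KEY_IDS),
        "tampered": verify(bytes(tampered), keys, TRUSTED_KEY_IDS),
        "untrusted": verify(sign(header, 2, keys), keys, TRUSTED_KEY_IDS),
        "unsigned": verify(header, keys, TRUSTED_KEY_IDS),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result}")
```

Key 2 is present in the key file but not in the trusted set, so a correctly signed packet using it is still rejected, which is the subset behaviour the first article describes.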