NTP,Security,Authentication,an computer NTP Security: Authentication and Trusted Time References
----------------------------------------------------------Permission is granted for the below article to forward,reprint, distribute, use for ezine, newsletter, website,offer as free bonus or part of a product for sale as longas no changes a Gone are those times when the companies and the organisations didn't need a hi-tech system to handle them. Owing to the considerable increase in the business sector and thus, an enormous increase in the complexity of the organisational struc
NTP(Network Time Protocol) synchronises networks to a single time source usingtimestamps to represent the current time of the day, this is essential for timesensitive transactions and many system applications such as email.NTP istherefore vulnerable to security threats, whether from a malicious hacker whowants to alter the timestamp to commit fraud or a DDoS attack (DistributedDenial of Service - normally caused by malicious malware that floods a serverwith traffic) that blocks server access.However,being one of the Internets oldest protocols and having been developed for over25 years, NTP is equipped with its own security measures in the form ofauthentication.Authenticationverifies that each timestamp has come from the intended time reference byanalysing a set of agreed encryption keys that are sent along with the timeinformation. NTP, using Message Digest encryption (MD5) to un-encrypt the key,analyses it and confirms whether it has come from the trusted time source byverifying it against a set of trusted keys.Trustedauthentication keys are listed in the NTP server configuration file (ntp.conf)and are normally stored in the ntp.keys file. The key file is normally verylarge but trusted keys tell the NTP server which set of subset of keys iscurrently active and which are not. Different subsets can be activated withoutediting the ntp.keys file using the trusted-keys config command.Authenticationis therefore highly important in protecting a NTP server from malicious attack;however there are many time references were authentication cant be trusted.Microsoft,who has installed a version of NTP in their operating systems since Windows2000, strongly recommends that a hardware source is used as a timing referenceas Internet sources cant be authenticated.NTP isvital in keeping networks synchronised but equally important is keeping systemssecure. Whilst network administrators spend thousands in anti-viral/malwaresoftware many fail to spot the vulnerability in their time servers.Many networkadministrators still entrust Internet sources for their time reference. Whilstmany do provide a good source for UTC time (Coordinated Universal Time - theinternational standard of time), such as nist.gov, the lack of authenticationmeans the network is open to abuse.Othersources of UTC time are more secure and can be utilized with relatively lowcost equipment. The easiest method is to use a specialist NTP GPS time serverthat can connect to a GPS antenna and receive an authenticated timestamp bysatellite.GPS timeservers can provide accuracy to UTC time to within a few nanoseconds as long asthe antenna has a good view of the sky. They are relatively cheap and thesignal is authenticated providing a secure time reference.Alternativelythere are several national broadcasts that transmit a time reference. In the UKthis is broadcast by the National Physics Laboratory (NPL) in Cumbria. Similarsystems operate in Germany, France and the US. Whilst this signal isauthenticated, these radio transmissions are vulnerable to interference and havea finite range.Authenticationfor NTP has been developed to prevent malicious tampering with systemsynchronisation just as firewalls have been developed to protect networks fromattack but as with any system of security it only works if it is utilised.
NTP,Security,Authentication,an