In today's modern network infrastructure, millions of dollars are spent to ensure that networks are reliable, highly available, and most of all, secure! Cybersecurity has emerged as the critical area in all facets of the internet, yet still, there are often-overlooked areas which can degrade security measures meant to protect. One such example is time synchronization.
As simple as it sounds, time plays a critical role in synchronizing core business applications, and network systems. It supports authentication protocols as well as ensuring accurate log files critical for an audit trail, and absolutely necessary for cyber forensic tools. Having accurate, reliable, and secure timing throughout your network improves several different network security applications like:
- Intrusion detection and forensic analysis
- Log file accuracy, auditing and monitoring
- Network fault diagnosis and recovery
- Access security and authentication
- Scheduled and automated operations
Accurate time is available from one or more publicly available time servers, via the internet. These public time servers act as a source for Universal Coordinated Time (UTC), an internationally recognized time standard. This may seem like a good idea, and an easy way to get accurate time however, using time from the internet usually requires opening up port 123 for NTP traffic through your firewall(s). Essentially, this means leaving a well known door open and from a security perspective, is a big problem.
This White Paper discusses the differences between time sources; internal vs. external, with considerations for traceability for a network deployment of Network Time Protocol (NTP)