NTP – Network Time Protocol

Network Time Protocol (NTP) is used by network devices, servers and workstations to periodically correct deviations in the system time reported by their operating systems through a synchronisation process. The protocol is designed to compensate for variable latencies in the network.

Accurate time on network devices, servers and workstations ensures that timestamps that are reported in log files such as the system log (SYSLOG) are within minimal tolerance, facilitating comparison of log entries between different systems and devices. This is essential when an intrusion or security breach has been detected, and for a corresponding forensic investigation.

For redundancy purposes, two or more internal time servers should be created. A list of publicly accessible and restricted-access time sources is provided by the Internet Systems Consortium (ISC); alternatively, a dedicated time server can be implemented that synchronises time via GPS or GSM networks.

NTP should be protected using authentication to ensure that communication with the NTP server cannot be interfered with. An MD5 hash should be used as the authentication text. Access Control Lists (ACLs) should be used on the nominated NTP server to limit which systems are able to update the time and which systems are allowed to synchronise from the server. This is done with the 'ntp access-group' command on Cisco devices.
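The authentication and ACL controls described above, as an added Cisco IOS configuration example (not part of the original page). All addresses, ACL numbers, the key number and the key string are constructed placeholders, and the split into a "client device" and a "nominated time server" is an assumption about the layout.

```cisco
! Constructed example: every address, ACL number and key below is a placeholder.
!
! ---- Client network device ----
! Require authentication and trust only key 1 for time sources
ntp authenticate
ntp authentication-key 1 md5 <SHARED-KEY-PLACEHOLDER>
ntp trusted-key 1
! Two internal time servers for redundancy, both authenticated with key 1
ntp server 192.0.2.10 key 1
ntp server 192.0.2.11 key 1
! Only the internal time servers may update this device's clock
access-list 10 permit host 192.0.2.10
access-list 10 permit host 192.0.2.11
access-list 10 deny any
ntp access-group peer 10
!
! ---- Nominated internal time server (Cisco device) ----
ntp authenticate
ntp authentication-key 1 md5 <SHARED-KEY-PLACEHOLDER>
ntp trusted-key 1
! Upstream stratum 1 or 2 source (placeholder address)
ntp server 198.51.100.1
! Systems allowed to update this server's time: the upstream source only
access-list 20 permit host 198.51.100.1
access-list 20 deny any
ntp access-group peer 20
! Systems allowed to synchronise from this server: internal clients only,
! and they may request time but never set it
access-list 30 permit 10.0.0.0 0.255.255.255
access-list 30 deny any
ntp access-group serve-only 30
```

`show ntp status` and `show ntp associations detail` confirm on each device whether it is synchronised and whether the association is authenticated.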

All Client XYZ network devices should obtain time from a centralised time source.

Client XYZ should implement Network Time Protocol (NTP) capabilities within the network. The internal time servers should synchronise their time with a known time source every 1-2 days. It is recommended that a stratum 1 or stratum 2 server be used or, if one is not available, a time source from the Oceania pool.

All network devices, servers and workstations within the internal network should periodically synchronise their system time with the internal time servers.  A synchronisation interval of less than 14 days is recommended to reduce the impact of clock drift on these NTP clients.
