A Look at Network Time Protocol Security
View PDF | Print View
Total views: 30
Word Count: 507
A unique feature which sets Network Time Protocol (NTP) apart from others is the fact they are well capable to synchronize different networks to a given time source. It does so by using timestamps. NTP's are very useful to system applications like email and other time sensitive transactions. This feature of NTP renders it susceptible to security threats. Be it a malicious hacker or a Distributed Denial of Service (DDoS) attack, the threat is often there.
All said and done, NTP remains one of the oldest protocol of the internet. It was first developed over twenty five years back and has got its own set of security measures in place to protect from possible threats. Authentication process starts with verification of each timestamp; in checking that it has come from the intended time reference. This is followed by analyzing the encryption keys that are sent along with the time information. NTP compares them with a set of trusted keys by using message digest encryption. A lot of analysis is done to see whether it has come from the intended time source or not.
In the NTP server configuration file, you can find many listed authentication keys. They are normally stored in the ntp.keys file. Trusted keys are responsible in updating the NTP server regarding activeness of different subsets of keys. Using trusted-keys command, many subsets can be activated. This can be done even when ntp.keys is not edited. Hence, the need to authenticate a NTP server is being realized. By doing so, you can protect it from malicious attacks. However, there are few instances when these authentications cannot be trusted. In fact, Microsoft has installed a version of NTP into the later versions of their operating systems. They recommend that a hardware source be installed too for the sake of timing reference, as internet sources can't be trusted.
NTP is very useful in keeping all the networks synchronized while keeping the systems secure from any threats. It is pity to think that many network administrators spend thousands in getting anti malware/viral solutions erected, without ever realizing the problem area or vulnerable spots in their time servers. Most of these administrators still rely on internet sources for time reference. Even though few internet sources do provide consistent UTC time; lack of their authenticity would mean that the network is susceptible to abuses. There are other sources of UTC time as well. One such method is to employ an expert NTP GPS time server. This is capable enough to receive authenticated timestamps from satellite via a GPS antenna.
There are many national broadcasters in UK, France, Germany and the US; that transmit a time reference. Radio transmissions are always susceptible until their signals are authenticated and thus have a finite range. It is to be noted that just like firewalls are constructed to keep the networks protected, NTP's are being authenticated to prevent any malicious attack on it. Having said this, the security will work fine only as long as they are used properly.
No comments posted.