Time Synchronization Based on Operating System

Synchronized, accurate time on the computers they run on is important for the security of networks, systems, and the communication and application protocols that depend on it.

A good practice in any computer security system is the regular review and analysis of certain standard system log files as well as the log files created by firewalls and intrusion detection systems. If time is not synchronized across the computers within a network, it will be difficult to accurately match actions logged on different computers. During an intrusion, even if your computers all have the same time, it might be difficult to correlate logged activities with outside actions if your computers' times are wrong.

This is crucial should an incident occur in your organization and you report it to your CERT team. Log analysis becomes difficult and uncertain if the times on all systems are not synchronized.

Network Time Protocol (NTP)

NTP synchronizes clocks to the Universal Time Coordinated (UTC) standard, the international time standard.

NTP runs over UDP, which is part of the TCP/IP protocol suite. A computer using NTP must therefore have the TCP/IP protocol suite loaded. Any computer on your network with Internet access can get time from NTP servers on the Internet.

NTP introduces the concept of a stratum. A stratum-1 server has an accurate timepiece attached, such as a radio clock or an atomic clock. A stratum-2 server gets its time from a stratum-1 server, and so on.
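
The following is an added example, not part of the MyCERT guideline: it parses a 48-byte NTP server reply, reads the stratum field described above, and computes how far the local clock is off using the standard NTP offset and delay calculation. The function names and the sample timestamps are assumptions constructed for illustration, so the block runs offline without contacting a server.

```python
import struct

NTP_UNIX_DELTA = 2208988800            # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
HEADER = struct.Struct("!BBbb3I4Q")    # 48-byte NTP header, network byte order

def to_unix(ts64):
    """64-bit NTP timestamp (32.32 fixed point) -> Unix seconds."""
    return (ts64 >> 32) - NTP_UNIX_DELTA + (ts64 & 0xFFFFFFFF) / 2**32

def to_ntp(unix):
    """Unix seconds -> 64-bit NTP timestamp (used only to build the sample)."""
    secs = int(unix)
    return ((secs + NTP_UNIX_DELTA) << 32) | int((unix - secs) * 2**32)

def build_sample_reply(t1, t2, t3, stratum=2):
    """Constructed server reply for offline use; not captured traffic."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4   # no leap warning, NTPv4, mode 4 (server)
    return HEADER.pack(li_vn_mode, stratum, 6, -20, 0, 0, 0,
                       to_ntp(t2), to_ntp(t1), to_ntp(t2), to_ntp(t3))

def parse_reply(packet, t4):
    """Return stratum, clock offset and round-trip delay; t4 = local arrival time."""
    if len(packet) < HEADER.size:
        raise ValueError("short NTP packet")
    lvm, stratum, _, _, _, _, _, _, org, rx, tx = HEADER.unpack_from(packet)
    if (lvm & 0x7) != 4:
        raise ValueError("not a server reply")
    if (lvm >> 6) == 3 or not 1 <= stratum <= 15:
        # Leap indicator 3 or a stratum outside 1-15 means the server has no valid time.
        raise ValueError("server clock is not synchronized")
    t1, t2, t3 = to_unix(org), to_unix(rx), to_unix(tx)
    return {"stratum": stratum,
            "offset": ((t2 - t1) + (t3 - t4)) / 2,   # add to local clock to match server
            "delay": (t4 - t1) - (t3 - t2)}          # network round trip, server time removed

if __name__ == "__main__":
    # Constructed exchange: local clock 90 s slow, 20 ms each way, 1 ms server processing.
    reply = build_sample_reply(1700000000.0, 1700000090.020, 1700000090.021)
    print(parse_reply(reply, t4=1700000000.041))
```

An offset of this size on one host is enough to place its log entries out of order against a firewall or IDS log when the two are correlated.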

For this purpose, MyCERT has produced a document cum guideline on time synchronization for various operating systems. It is hoped that this guideline will help system administrators maintain one synchronized timestamp across all devices within their network.
