Last updated on November 16th, 2022 at 05:29 pm
Time synchronization has and is very important for computers and networks. Windows workstations in a Windows Active Directory (AD) network will retrieve their time from the Windows Domain Controller. But what about other devices like switches, firewalls, and wireless? We’ll get to those later. Time has become even more important, especially with many devices, services, and technologies using certificates. Cyber Security has become very dependent on time accuracy for tracking events, artifacts (tracks or traces left behind by a hacker or similar event), and synchronizing logs.
Network Time Protocol (NTP) has been the standard for years for time synchronization and is still widely used today. There is a secure version of NTP, SNTP, but we won’t touch on that in this post. Network devices like switches, firewalls, wireless, and other devices can use NTP for time synchronization. But where do they retrieve (sync) their time? Many sources can be used to include Internet NTP servers and NTP appliances. It’s worth noting that some devices are picky about the source they use. For example, most Cisco devices don’t like using Windows Domain Controllers as a time source. Also, Windows servers, workstations, and Linux operating systems can use NTP.
So let’s discuss NTP sources. As mentioned, Internet NTP servers are widely used by single devices to large-scale deployments of devices that will use Internet NTP sources. In this case, a firewall rule will allow NTP access to the Internet; sometimes, this rule will specify the NTP protocol and source (destination), but many times, unfortunately, a firewall rule will allow all traffic, and that will include NTP. If using an Internet NTP source, I have recently been using Google and NIST NTP, though it will be worth researching NTP sources in countries outside the US. Though the NTP pool by ntp.org is probably a good option, Google NTP may be available in most countries. Below are my NTP Internet source notes.
For security, some companies won’t allow Internet NTP access which is understandable. Also, for time accuracy, some need more precise time than what the Internet servers can provide. This is where an NTP appliance comes in. These are mostly 1U ( a U is rack unit spacing and so 1 U = 1.75 inches) appliances that connect to the internal network and provide NTP to devices that request it. They are very secure as some use a flavor of Linux, modified Linux, or proprietary software. They are customizable regarding which network or hosts can request time, where the appliance gets its time, and many other options. How do these appliances retrieve their time?
Today many use GPS, which is very accurate and can provide additional information. The downside of using GPS is that the appliance needs an antenna, usually run from the appliance in a data center or room to the roof of the building. Some can use mobile (cell) phone services, and some can use Internet sources. Some appliances can use a combination of these sources. If an appliance uses an Internet source, a firewall rule can be simple and more secure by specifying only the appliance with NTP Internet access and a specific destination (NTP source).
In some forums, NTP sources have become a debated topic. Some have suggested and stated they use a router as an NTP source. I did just that many years ago, but today, in large corporations, it’s usually not an acceptable source. Given the security, accuracy, options, ease of management, and low cost, an NTP appliance has become a no-brainer. I have successfully used them for years now without issue and highly recommended.
If you need more precise time synchronization than NTP, you can use Precision Time Protocol (PTP). PTP is commonly used in financial and manufacturing verticles. Here is an article on Perle’s website about PTP (I have used Perle products for years for remote terminal access; great products). https://www.perle.com/supportfiles/precision-time-protocol.shtml
If an Internet NTP source is needed, I have used these without issue for a while (in the US).
Google NTP
time.google.com
https://developers.google.com/time/
NIST NTP:
time.nist.gov
https://tf.nist.gov/tf-cgi/servers.cgi
NTP Pool:
0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org
https://www.ntppool.org/en/use.html
Copyright © Packet Passers 2024