EXPERT RESPONSE
I often feel that many network and system administrators don't pay enough attention to the issues of system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight-saving time changes are forgotten. Sure, there are lots of more pressing security issues to deal with, but not ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident.
If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network's security devices do not have synchronized times, the inaccuracy of the time stamps makes it impossible to correlate log files from different sources. Not only will you have difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won't be able to illustrate a smooth progression of events as they occurred throughout your network.
Unsynchronized clocks can also affect automated tasks. If certain processes run out of sequence, such as transaction processing and backups, then the results of these processes may cause discrepancies, due to the transaction times failing to tally. Mismatched timestamps often cause financial and database program errors.
Even on home computers, an incorrect clock can cause problems. Your email messages are time-stamped using your computer's local system clock. If the time is wildly inaccurate, then some email servers may classify your messages as spam, particularly if the date is in the past or future. Also, many Web sites use cookies to store your logon status. These cookies have an expiry time based on your system clock. If your computer clock is inaccurate, the cookies will be set with the wrong expiry time, and you might find that you are unable to log in.
Fortunately, it is quite easy to synchronize a computer's clock. The Network Time Protocol project maintains a list of public time sources, which provide a consistent time to your computer or network devices. On Windows PCs, you can set your computer to automatically synchronize with an Internet time server: open the Date and Time applet located in your control panel and select the Internet Time tab. Windows also comes with a Time Service Tool, W32tm.exe. It can be used to configure Windows Time service settings and diagnose problems with the time service.
There are also various available programs on the Internet that ensure the accuracy of computer or network time. Network Time System, for example, allows users to synchronize their clock with an enterprise network time server. The server syncs up with external sources, such as Internet time servers or local trusted ones, including GPS or clock cards. Every PC, therefore, does not require an Internet connection to obtain an accurate time. If your firewall is set to block certain types of traffic, you may want to look at Admin Http Time Sync, which uses HTTP instead of the NTP or SNTP protocols. For stand-alone PCs, Atomic Clock Sync is another free program. To set your PC clock once a day, Atomic Clock Sync connects to a server at the National Institute of Standards and Technology (NIST).
More information:
Check out the latest Messaging Security School lesson -- Spam 2.0: New threats and new strategies.
Mike Rothman talks about cookie encryption as a PCI DSS requirement.
|
