What security issues can arise from a corrupted system clock? Will my email messages be treated as spam, for e...
I often feel that many network and system administrators don't pay enough attention to the issues of system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight-saving time changes are forgotten. Sure, there are lots of more pressing security issues to deal with, but not ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident.
If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network's security devices do not have synchronized times, the inaccuracy of the time stamps makes it impossible to correlate log files from different sources. Not only will you have difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won't be able to illustrate a smooth progression of events as they occurred throughout your network.
Unsynchronized clocks can also affect automated tasks. If certain processes run out of sequence, such as transaction processing and backups, then the results of these processes may cause discrepancies, due to the transaction times failing to tally. Mismatched timestamps often cause financial and database program errors.
Fortunately, it is quite easy to synchronize a computer's clock. The Network Time Protocol project maintains a list of public time sources, which provide a consistent time to your computer or network devices. On Windows PCs, you can set your computer to automatically synchronize with an Internet time server: open the Date and Time applet located in your control panel and select the Internet Time tab. Windows also comes with a Time Service Tool, W32tm.exe. It can be used to configure Windows Time service settings and diagnose problems with the time service.
There are also various available programs on the Internet that ensure the accuracy of computer or network time. Network Time System, for example, allows users to synchronize their clock with an enterprise network time server. The server syncs up with external sources, such as Internet time servers or local trusted ones, including GPS or clock cards. Every PC, therefore, does not require an Internet connection to obtain an accurate time. If your firewall is set to block certain types of traffic, you may want to look at Admin Http Time Sync, which uses HTTP instead of the NTP or SNTP protocols. For stand-alone PCs, Atomic Clock Sync is another free program. To set your PC clock once a day, Atomic Clock Sync connects to a server at the National Institute of Standards and Technology (NIST).
Dig Deeper on Real-time network monitoring and forensics
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading