We’re drawing on our security knowledge to provide a series on the fundamentals of securing devices and networks.
First up is an introduction to how devices keep time, and what best practices ensure the security of this process.
Devices are built with clocks that help them keep time, but those clocks do not remain accurate over long periods. Because the timing of tasks can be crucial, manufacturers design devices to contact time servers and update their internal clocks to the correct time.
External time servers introduce risk, though, so network administrators use internal time servers. Internal time servers ensure that the requesting device gets the correct time as quickly as possible, and that it is the same time as all other computers on the network. More crucially, internal time servers also prevent man-in-the-middle (MITM) and distributed denial-of-service (DDoS) attacks from attackers acting outside the network. In 2018 alone, 9 security vulnerabilities were published that used NTP (Network Time Protocol), the protocol used for fetching time.
MITM attacks take place when a malicious actor can intercept and interfere with traffic between two endpoints, for example, between a device and an external time server. By sending modified requests or responses, an attacker can disable or take control of a device. A DoS attack that takes advantage of an external time server might spoof the device requesting time, so that the real device is flooded with the server's responses, and is taken out of service.
On traditional endpoints, like PCs and servers, updating the time server settings to use an internal time server is straightforward. These machines have a UI that has been designed with the expectation that an administrator will want to change system settings. However, on devices like VoIP phones, industrial controllers, and printers, this isn’t necessarily the case. The method of changing settings varies from device to device, and options that are available on one manufacturer’s devices may not be available on another.
It’s important to know where your devices are getting their time, update their system settings, and secure your network. Stay tuned for more information in our next installment about how to secure your network.
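One way to find out where devices are getting their time, as an added example that is not part of the original article: the script reads flow records and lists every device sending NTP (UDP port 123) to anything other than the approved internal time server. The server address 10.0.0.5, the 10.0.0.0/8 internal range, the CSV layout and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumptions: one approved internal time server and one internal address range.
APPROVED_NTP = {ipaddress.ip_address("10.0.0.5")}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
NTP_PORT = 123

# Constructed sample flow records; not real traffic.
SAMPLE_FLOWS = """\
src,dst,proto,dport
10.0.1.20,10.0.0.5,udp,123
10.0.2.31,203.0.113.10,udp,123
10.0.2.31,198.51.100.7,udp,123
10.0.3.44,10.0.9.9,udp,123
10.0.1.20,203.0.113.10,tcp,443
10.0.0.5,192.0.2.123,udp,123
"""

def classify(dst):
    """Label an NTP destination relative to the assumed network layout."""
    if dst in APPROVED_NTP:
        return "approved"
    if any(dst in net for net in INTERNAL_NETS):
        return "internal-unapproved"  # inside the network, but not sanctioned
    return "external"

def audit_ntp(flow_csv):
    """Return {device: {label: sorted destinations}} for non-approved NTP use."""
    findings = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp" or int(row["dport"]) != NTP_PORT:
            continue  # not an NTP flow
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if src in APPROVED_NTP:
            continue  # the internal server itself is expected to sync upstream
        label = classify(dst)
        if label != "approved":
            findings[str(src)][label].add(str(dst))
    return {dev: {lbl: sorted(dests) for lbl, dests in by_label.items()}
            for dev, by_label in findings.items()}

if __name__ == "__main__":
    for device, by_label in audit_ntp(SAMPLE_FLOWS).items():
        for label, dests in by_label.items():
            print(f"{device}: {label} NTP server(s): {', '.join(dests)}")
```

Devices that appear in the output are the ones whose time settings still need to be pointed at the internal server, which is often the VoIP phones, controllers and printers that lack an obvious settings UI.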