Article Directory :: Computers & Technology Articles

NTP Time Server Security Solutions

By David Evans

Subscribe to David Evans's RSS feed using any feed reader!

Republish: EasyPublish
Published: 25Jun2007
Word count: 564
Viewed: 326 time(s)
Bookmark this article using any bookmark manager!
Get Free Content For Your Site

The Network Time Protocol (NTP) is an Internet protocol designed to propagate accurate time around a computer network. NTP utilises UDP over TCP/IP to synchronise network time clients to an accurate time reference. This article describes the security aspects of the NTP protocol and specifically using MD5 keys to authenticate a time server.

The Network Time Protocol may be used to synchronise many time critical processes on distributed computers across a network. The NTP protocol is therefore a potential security risk. Hackers or malicious users could attempt to disrupt system synchronisation by attempting to modify or replicate NTP time stamps.

Luckily, NTP has an integral security feature to thwart attempts to tamper with system time synchronisation. NTP can use MD5 encrypted keys to authenticate time stamps received from a time server. The time client can utilise keys to ensure that a time stamp has indeed been received from a secure source.

NTP implements authentication by utilising an agreed set of keys between a server and client that are encrypted in time stamps. A NTP time server passes a timestamp to a client with one of a selection of keys encrypted and appended to the message. On receipt of the timestamp the client un-encrypts the key to ensure it matches one of the agreed keys. In this manner the client can ensure that the received timestamp originated from the expected time source.

The Network Time Protocol utilises MD5 (Message Digest Encryption 5) encrypted keys. MD5 is a widely used secure encryption algorithm that utilises a 128-bit cryptographic hash function. The algorithm outputs a fingerprint of the supplied key, which is appended to the timestamp.

Linux NTP installations store keys in a file 'ntp.keys'. Each record in the file describes an authentication key in the format: 'key-number' 'encryption-code' 'key'. The 'key-number' is a reference to the key. The 'encryption code' describes the encryption algorithm in use, usually 'M' for MD5 encryption. The 'key' field is the agreed key that is to be encrypted by the encryption algorithm. A subset of 'trusted keys' may be specified in the NTP configuration file 'ntp.conf'. This allows a reduced subset of keys to be utilised by the server. Allowing compromised keys to be easily excluded from use. Trusted keys are specified using the 'trusted-keys' command followed by a space-delimited list of key references.

Cisco routers and switches implement the Network Time Protocol and also include MD5 authentication. To enable a Cisco router to perform MD5 authentication you must follow a number of steps. Firstly, enable NTP authentication with the 'ntp authenticate' command. Secondly, define an NTP authentication key using the 'ntp authentication-key' command. A unique reference number identifies each NTP key. The reference number is the first argument to the command. Thirdly, use the 'ntp trusted-key' command to tell the router which keys are valid. The command's only argument is the reference number of the key defined in the previous step

The Windows 2000\2003\XP operating systems adopt a SNTP (Simple Network Time Protocol) application for time synchronisation. The implementation used by Microsoft does not include authentication keys.

To summarise, MD5 key authentication can be utilised to overcome potential security risks when implementing the NTP protocol. Network time clients can be sure that timestamps have indeed emanated from the expected time reference and have not been intercepted for malicious purposes.

David Evans is a technical author that specialises in documenting the installation and configuration of time servers and network timing equipment. David has provided technical authoring services to a number of leading computer network time synchronisation hardware manufacturers. Click here for more information on NTP and time server systems.

Bookmark this article using any bookmark manager! Subscribe to David Evans's RSS feed using any feed reader!

EasyPublish™ this article - publishers click here

More articles by David Evans

Free Report!
Ten Essential Secrets Of Article Marketing ... Grab Your Free
Copy Now:




We respect your privacy.

Need Content?
Regular Top Quality Content for your Blog, Ezine or Website ...
Delivered Direct,
For Free!
Click For Details


Arts & Entertainment
Automotive
Business - General
Computers & Technology
Finance & Investment
Food & Drink
Health & Fitness
Home & Family
Internet Marketing/Online Business
Legal
Pets & Animals
Politics & Government
Reference & Education
Religion & Faith
Self-Improvement/Motivation
Social
Sports & Recreation
Travel & Leisure
Writing & Speaking

More computing articles:

  • Top Cloud Hosting Is The New Choice For Every Business (Hanson Raider)
    Although cloud hosting is a recent phenomenon but all the companies are looking out for best cloud hosting service providers for the amount of benefits it has in store for everybody. The major reason for so many clients being attracted towards cloud hosting of top quality is its cheap cost.

  • Useful Things To Know About Bluehost Hosting (Hanson Raider)
    Before selecting any web hosting provider, there are a number of things you should keep in mind. Firstly, it would be good if you know about the company. Bluehost web hosting is one of the most well celebrated company in the field of web hosting. It is also one of the oldest web hosting companies. In recent times, Bluehost's packages have gone through major changes.

  • Why Shared Hosting Is Perfect For Beginners (Hanson Raider)
    Beginners will find the right hosting when they start looking at different shared hosting reviews of top companies. This allows the beginner to take advantage of lower prices while getting the necesssary hosting for their needs. You can take advantage of discounts from JustHost or another hosting company offering shared hosting if you look in the right places.

  • Where Did I Leave My Web Host (Hanson Raider)
    In this fast paced web surfing world we are left with little to be desired because of all of the many different web sites available to us for research, business, entertainment and even pleasure in some cases. These many varied web sites have become staples in our daily lives and without them most of us would be completely lost.

  • Why Choose Top Green Web Hosting Companies And Not Regular Hosts? (Hanson Raider)
    The concept of green hosting has evolved overtime and an increasing number of people are now opting green web hosts to provide services to their websites. Since there has been an increasing preference of users for green web hosts, there are many top green hosting providers that have emerged overtime.

  • Why HostingMetro.Com Is A Good Choice? (Hanson Raider)
    Hosting services metro is one of the top web hosting services provider for all those individuals and entities trying to enter the online world. The company guarantees 99.9% uptime that very few hosts are offering currently. In order to achieve this milestone the firm has been working very hard along with its team

  • Why Should One Choose Fat Cow Hosting? (Hanson Raider)
    Choosing a web hosting provider becomes a daunting task, considering that there are so many options available in the market today. The competition is tight and with so many companies operating in the market today, one finds it difficult to choose a web hosting company and avail its services for their website. However, the task may become simpler if one only took out the top three companies operating in the web hosting market and chose them.

  • Find Out Why Your Toshiba Laptop Won't Charge The Battery (Lee Matthews)
    Many people have the problem where their Toshiba laptop won't charge the battery. This problem is not exclusive to Toshiba laptops, and most of the common reasons and solutions apply to all laptop brands. This article will help you find the reason ...

  • Andres Del Rio: Discoverer Of Vanadium (Robert Nickel)
    When it comes to the periodic table of the elements, there are some that humans come into contact with more than others in everyday life. Anemic individuals must increase their iron intake, for example and calcium is a vital part of healthy bone growth. ...a great deal of alloys are involved in the construction of your car. ...but there's one metal which drastically increases the strength of steel and titanium: it's called vanadium

We Automatically Distribute Articles
To Thousands Of Publishers And Web Sites:
Submit Article
All content is viewed and used by you at your own risk and we do not warrant the accuracy or reliability of any of the information. The views expressed are those of the individual contributing authors and not necessarily those of this web site, or its owner, Takanomi Limited.
  
Copyright © 2012 Takanomi Ltd. Company no. 5629683. All rights reserved. | Privacy | Legal | Contact Information