Time Protocols – CompTIA Network+ N10-009 – 3.4

Time is an important metric for most networks. In this video, you’ll learn about the Network Time Protocol (NTP), Network Time Security (NTS), and Precision Time Protocol (PTP).


In this video we’re going to talk about NTP, or the Network Time Protocol. This is the protocol that we use across all of the devices on our network to be able to synchronize their clocks. So if you’re looking at the clock that’s in your laptop or desktop computer or you’re examining log files that have timestamps that are from a switch or router or a firewall, all of those clocks were probably synchronized using the Network Time Protocol. As you can imagine, having every device using exactly the same timestamp can be critical, especially when you’re comparing log files and other information that may have been taken from multiple devices.

This is also an automatic process so that every device can automatically get exactly the correct time of day configured. This is also something that we can configure. So we might have some devices that update their clocks every day and other devices that might update every hour. And in many cases, these time updates are very accurate. In most cases, you might find that the devices on your network may only be different by a matter of milliseconds.

For NTP to work properly, we need a time server. This NTP server listens on UDP port 123, and it’s responsible for responding to any time requests from your NTP clients. The NTP server does not modify its own time, and if it needs to update its own time, then it needs to have a separate NTP client that then queries a different NTP server. The client is the software that’s responsible for querying the server and obtaining the latest update of time information.

And in some cases, we might have both an NTP client and an NTP server on the same device. The server is handing out timestamps to any of your NTP clients. And then if you need to update the time on that device, a separate NTP client on that device will perform the same query to a different NTP server.

Some organizations will query an external NTP server to provide that time information. But if NTP is important for your organization, you may choose to have your own NTP server. You would then configure all of the NTP clients on your network to query your own internal NTP servers.

By default, NTP sends information in the clear. After all, the time of day is not something that’s generally private, so it’s common to send this in a non-encrypted form across the network. But time can be an important security concern. For example, Kerberos is often used to authenticate devices on a Microsoft Windows network, but Kerberos won’t work if the client and the server’s timestamps are off by more than five minutes. So you could potentially cause a denial of service by providing the wrong time to all of the clients on this network.
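As an added example (not from the original video), the sketch below shows the client side of a plain NTP exchange and a sanity check that flags a reply whose clock offset exceeds the five-minute Kerberos tolerance. The function names, the sample timestamps, and the constructed server reply are assumptions made for illustration; no network traffic is sent.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300.0     # the five-minute Kerberos tolerance, in seconds

def to_ntp(unix_time):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_time + NTP_EPOCH_DELTA
    secs = int(ntp)
    return struct.pack("!II", secs, int((ntp - secs) * 2**32))

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client packet: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return bytes([0x23]) + bytes(39) + to_ntp(t1)

def sample_reply(request, t2, t3, stratum=2):
    """Constructed server reply (Mode=4) that echoes the request's transmit time."""
    return bytes([0x24, stratum]) + bytes(22) + request[40:48] + to_ntp(t2) + to_ntp(t3)

def parse_response(pkt, t1, t4):
    """Validate a reply received at local time t4; return (offset, delay)."""
    if len(pkt) < 48 or pkt[0] & 0x07 != 4:
        raise ValueError("not an NTP server reply")
    if not 1 <= pkt[1] <= 15:
        raise ValueError("server is unsynchronized or sent a kiss-o'-death")
    if pkt[24:32] != to_ntp(t1):
        raise ValueError("origin timestamp does not match our request")
    t2, t3 = from_ntp(pkt[32:40]), from_ntp(pkt[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2   # positive: local clock is behind the server
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing time
    return offset, delay

def within_kerberos_skew(offset):
    """True if the measured offset is within the five-minute Kerberos tolerance."""
    return abs(offset) <= KERBEROS_MAX_SKEW

if __name__ == "__main__":
    t1 = 1700000000.0                       # constructed client send time
    req = build_request(t1)
    reply = sample_reply(req, t1 + 400.01, t1 + 400.011)  # server clock 400 s ahead
    offset, delay = parse_response(reply, t1, t1 + 0.021)
    print(f"offset={offset:.3f}s delay={delay:.3f}s ok={within_kerberos_skew(offset)}")
```

The origin-timestamp check only rejects replies that do not echo the request; it does not authenticate the server, and the packet still travels in the clear.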

For that reason, we need some way that we could trust the response that we’re getting from these NTP servers. One way to do this is by using Network Time Security, or NTS. This adds a level of authentication so that we know the response that we’re getting back from these servers is one that can be trusted.

To use Network Time Security, we need an additional device on the network known as the Network Time Security key exchange server. This is a server that’s responsible for authenticating the clients and making sure that they all have a cookie that can then be used to perform the NTP query. So this now turns into a two-step process where we first obtain the authentication details and then provide that cookie to the NTP server.

Here’s a better view of this. We first have a TLS handshake that occurs between the client and the NTS key exchange server. And then we can request a cookie from that server and then receive it in that response. From this point, we can perform the NTP request to an NTP server, but we include that cookie information to show that we have authenticated to the key exchange server. We can then receive the NTP response, and we now know that we have a valid timestamp from a trusted server.

With a local NTP server, we can get accuracies down to around 10 milliseconds. But in some environments, we need very precise time synchronization, and we can do that by using Precision Time Protocol, or PTP. This is a hardware-based time synchronization that provides granularity down to the nanosecond.

This is especially important for industrial uses where you need to make sure that the timestamps across all of these devices are very precise. PTP often requires a separate piece of hardware that is separated from our operating system and any of our applications. That means that it has its own operating system. It can run without any delays from any type of third-party process, and it can provide the most accurate timestamps for all of your devices.