The protocol that helps multiple servers keep their system time synchronized is:

October 11, 2022

Network Time Protocol is a protocol governing computer networks dating back to the 80s, whose purpose is to enable the synchronization of clocks between computers linked by packet-switched networks. This article explains how NTP works, its benefits, and the challenges to consider. 

Table of Contents

What Is NTP (Network Time Protocol)?

Network Time Protocol is defined as a protocol governing computer networks dating back to the 80s, whose purpose is to enable the synchronization of clocks between computers linked by packet-switched networks. 

Over the years, the ability to privately synchronize time between internet clocks was almost impossible. This is because systems could synchronize time via the internet time servers, which work publicly. However, after the Network Time Protocol (NTP) was developed at the University of Delaware in 1981, the features of the protocol and its associated importance made private time synchronization possible. 

Network Time Protocol (NTP) is a protocol that is used to hourly synchronize computer clocks concerning a source time over a network. The time on all internet clocks must have little or no difference from each other, especially in organizations that depend on analyzing timely actions.

Features of Network Time Protocol

Some outstanding features of NTP are:

• NTP servers work with precise atomic and GPS clocks. Atomic clocks are the most accurate clocks in the world. NTP servers synchronize time between clients using these accurate clocks as reference time.
  To make this protocol more cost-effective, several clients can connect to an NTP server using several effective techniques.
• NTP uses UTC (Coordinated Universal Time) as its time unit while synchronizing time across clients. As a result, it does not consider time zones. NTP uses UTC because it accurately detects changes across internet clocks in milliseconds. It detects changes in 1 millisecond in a Local Area Network (LAN) and tens of milliseconds in a broader network. 
• It prevents fractions of errors or vulnerabilities in information exchange between clients via the server. NTP has adjustment techniques that resolve every time error, no matter how slight it is. This prevents possible mistakes and vulnerabilities.
• It ensures consistent and continuous timekeeping for file servers. This unique feature makes this protocol important for organizations that need correct and consistent records of the client’s actions. Typical organizations that use this feature are financial firms, hospitals, pharmaceutical industries, etc. 

See More: What Is Wifi 6? Meaning, Speed, Features, and Benefits 

Applications of Network Time Protocol

Here are some situations where one can use NTP effectively;

1. Security

The first step towards effective network security is correct timing. Computers read time in linear numbers that are expected to increase progressively. Time synchronization is needed when a computer with a slow internet clock sends data to another computer with a faster clock. Sometimes, hackers could intentionally slow down the internet clock of a computer to aid spoofing. However, NTP servers that can detect tens of milliseconds can be applied to solve this situation.

2. Analysis

Actions carried out by clients in seconds are recorded as logs in the NTP servers. These records are essential in taking swift steps toward breaches in the network. By looking through these records, someone could easily detect the time of change and the time source to make necessary changes.

3. Network management

In cases of unstable or poor network connection, the Network Time Protocol would be helpful as NTPs work differently than internet time servers. Internet time servers can log you out of a site when there is a poor or lost connection. While you are logged out, time will not be well synchronized, causing a lag. However, this is not so in the Network Time Protocols cases, as the servers do not depend on an internet connection to work effectively.

See More: GSM vs. CDMA: Understanding the 10 Key Differences

How Does Network Time Protocol Work?

To understand how Network Time Protocol works, it is imperative to understand the architecture and hierarchy of this protocol. 

Architecture of Network Time Protocol

The architecture used in Network Time Protocol is a hierarchy. Each level in the hierarchy is called a stratum. The hierarchy starts at the top as stratum 1 and ends at the bottom as stratum 16.

This hierarchy system is also implemented in time referencing while synchronizing time. The stratum 1 NTP servers are the most precise time servers because their time is referenced to an authoritative time source, like an atomic clock.

Stratum 1 NTP servers work as the primary NTP servers. This is because NTP servers in stratum 2 synchronize their time using stratum 1 NTP servers as a reference. In that way, stratum 2 NTP servers become references for stratum 3 and stratum 3 for stratum 4, and so on.

In some cases, you could assign multiple NTP servers to one device. Afterward, the device would select an optimal NTP server according to various parameters. This selected NTP server would be the reference source time of the device. NTP synchronizes time using three significant steps. These steps are as follows;

1. The process is initiated by an NTP client who instigates a time-request exchange with the NTP server.

2. As the request is sent, the client is to calculate the link delay and its local offset. The client could adjust his local clock to match the server’s clock with these calculations. 

3. The client can only adjust his local clock after six exchanges are made within 5-10 minutes. There would be incorrect calculations if this duration is exceeded or the number of exchanges is less or more.

See More: What Is Network Topology? Definition, Types With Diagrams, and Selection Best Practices for 2022

Best practices for NTP use

Here are the best practices of Network Time Protocol that would give more effective results:

• Use public NTP for external hosts: If an organization is developing services or other platforms to be deployed outside the organization, it is best practice to use a public NTP. Also crucial to know is the fact that most public NTPs specify their rule of engagement. If an organization has multiple users using NTP, it would be logical to create a hierarchy to coordinate with instead of contending for access with the publicly available users.
• Ensure the hierarchical service is configured for your network: This would be effective if you acquire Stratum 1 or Stratum 0 NTP appliances for your devices. Setting up a private NTP server is also recommended, which is cost-effective.
• Homogenize to UTC: It is best to homogenize all systems within an organization to UTC. That is, to set all systems to coordinate universal time. Homogenizing to coordinated universal time (UTC) simplifies the correlation of logs within the enterprise and exterior groups regardless of the time zone the synchronized device is located.

• Evaluate the need for cryptography in your business: Although it is advisable to protect your network with encrypted communication and authentications, this also has its downsides. These include using key management and requiring significant computer management expenses. However, there are cryptographic services related to NTP for conserving NTP communications.

• Keep Segal’s law in mind: In all cases, it would be practical to have three or more Stratum 0 or Stratum 1 servers as primary servers. Segal’s law states that: having two NTP servers makes it difficult for hackers to decide which is authentic. At the very least, two Stratum 0 servers would deliver a more accurate timestamp because they use a definitive time source.

See More: Modem vs. Router: Understanding the Key Differences

Benefits of Network Time Protocol

By adopting Network Time Protocol, organizations can unlock the following benefits:

1. Improved security

Network Time Protocol (NTP) reduces the susceptibility of your systems to virus attacks and intrusion from hackers. Let’s compare the security actions of NTP and the internet time server.

An internet time server is a free service that helps synchronize time publicly. However, these servers expose your systems to viruses and other security attacks. To work effectively, the internet time server needs an open user datagram protocol (UDP) 123 port, which it can only open through the firewall. This implies that to use this free time server, the organization needs to remove a small portion of its system security by opening a hole in the firewall.

A hole through the firewall is synonymous with an obvious hole through the skin. Virus and hacker attacks are more likely to occur since there is a voluntarily opened route. On the contrary, NTP does not require an open user datagram protocol (UDP) 123 port to work effectively. The organization would have complete protection with articulate time synchronization with NTP.

2. Spoofing prevention

Unlike NTP, protocols and servers that synchronize time using UDP protocol for client-server communication are prone to spoofing. 

Spoofing is a form of cyber threat. It entails disguising the content of a link, email, text message, or display name to convince the receiver that the tampered information is from an authorized source. The goal is to make the receiver disclose sensitive information like card number, caller ID, password, etc. 

NTP solves this issue by enabling authorization techniques, like shared encrypted passwords stored on both client servers. This means that before any client can share information with the other, they must put in the password that both clients have in common. One cannot use authorization techniques on public internet servers as the servers are used publicly by many people. This makes them prone to spoofing.

3. Greater accuracy

NTP synchronizes time more accurately by enabling symmetrical network communication between clients. In more precise terms, the amount of time it would take for one client’s information (communication packet) to reach the server is the same amount of time for the data to move from the server to the receiving client.

This symmetrical network communication is maintained according to the stratum of the NTP servers. Stratum 1 NTP server uses GPS/GNSS satellite technology to correct minute time differences in both routes that might be in microseconds. This makes these servers maintain a high level of accuracy between the clients.

4. Easy configuration

Another benefit of the Network Time Protocol is that it is easy to configure. This is important as clients cannot configure internet time servers. This implies a large number of bad clocks on internet time servers.

NTP servers are easy to configure and install. They allow the network administrator to control and configure the working terms of the servers fully. This implies a small number of faulty bad clocks because they are misconfigured. This was proven as a survey of NTP servers by MIT showed that only a few 28% of stratum 1 clocks were faulty because they were misconfigured.

5. Improved reliability and availability

Unlike NTP, one common problem with internet time servers is availability. The public servers on internet time servers can disappear immediately as they are seen if there is a loss of internet connection. Time can not be synchronized accurately across client computers on internet time servers without a stable internet connection.

Another problem is reliability. Internet time servers are unreliable because they might have been installed or misconfigured. If so, there would not be any accurate time synchronization between clients.

However, their protocol would be reliable by installing multiple redundant NTP servers. This is because the redundant NTP servers would stand in for others if there is a hardware failure. Also, these servers do not require an internet connection to synchronize time accurately.

6. Easy monitoring and tracing

Unlike internet time servers whose actions cannot be monitored or traced, NTP ensures continuous monitoring for all servers. This is most important in cases like time divergence or loss of the Global Positioning System (GPS) signal. Users can solve these issues immediately to give accurate results only if the servers are monitored throughout their working time.

Also, NTP servers store logs of their working information that can be analyzed and traced to the precise time source.

7. Adherence to legal standards

In some organizations, it is compulsory, according to the law, to maintain the synchronization of systems that can be traceable to a source of precise time. Since internet time servers are untraceable, the only option is NTP. 

Organizations or industries that are to meet these legal standards are groups that deal with sensitive information. Some are; pharmaceutical industries, hospitals, financial organizations, etc. It is imperative to maintain accurate time synchronization in these industries or organizations as it is essential for efficient running.

See More: Wifi 5 vs. Wifi 6: Understanding the 10 Key Differences

Challenges of Network Time Protocol

Although NTP has numerous benefits, it also has flaws that discourage people from using it. Some of these flaws are mild and have alternative options, but others barely have a solution which makes the protocol unbearable in some cases

1. Inefficient security options

The security options offered by the latest versions of NTP are unrealistic and unattainable. The two security options are symmetrical encryption and asymmetric authentication. Symmetrical encryption is a security technique that entails exchanging the private key or password before the time synchronization takes place. This option is rarely used because it works on the MD5 algorithm, which has little or no security. Although SHA-1 is a better alternative to the MD5 algorithm, it is hardly secure and rarely used. The second security option, asymmetric authentication, is based on Autokey, another insecure protocol that is not advisable for any scenario.

2. Continues possibility of spoofing risk

Spoofing is a cyber attack used to obtain important information from people. Although NTP servers have proposed a solution to prevent spoofing, this precaution does not cover both clients at all stages. Those precautions only protect clients when the systems are well-built. However, when they are at a start-up, the systems are very vulnerable to spoofing attacks.

Also, the precautions mentioned in the section above would not be adequate if the attacker manipulated the system clock by time skimming. There are no security precautions against time skimming actions, only authorization techniques against tampered data.

3. Adding UDP fragments

Another attack route on NTP servers is by adding fake fragments into the stream of fragmented UDP headed to the receiving client. This does not change the timestamp on the communication packet but changes the time of delivery. Therefore, it might not be detected easily as the checksum is unnecessary and can be easily set to zero.

However, for this attack to work perfectly, the inserted fragments must be correctly timed, accurately dimensioned, and fitted so that the original fragments can easily overlap and fit into them without raising suspicions.

4. Kiss-Of-Death (KoD)

This entails stopping a system’s upstream NTP server and enabling a Denial of Service (DoS) attack on the NTP servers. KoD is a beneficial functionality on NTP servers, customarily used to ask a rapid-fire client to suspend the flow of queries for a short period.

However, this functionality can be abused to stop clients from sending queries for an extended period. This attack is effective because the receiving client would likely not check if the timestamps on the incoming messages match the ones on the inquiry.

5. Dependent security protocols 

Since the security protocols are time-dependent, it is possible to execute a DoS attack or flush the cache by making the TTLs of the record expire prematurely. This premature expiration can only be done by advancing the system time on a validating resolver. However, if the system time is out back, it would open the servers for a replay attack.

See More: What Is Raspberry Pi? Models, Features, and Uses

Takeaway

NTP has been a critical building block for computer networks since the 1980s. It is a crucial part of the global internet infrastructure and significantly influences online security. In the years to come, NTP will evolve to play a vital role in modern computing, including next-gen internet technologies like Web3, edge networks, and the metaverse. 

Did you find our Network Time Protocol (NTP) guide useful? Tell us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!  

What is the most time consuming step during the Windows installation process?

What is one reason to create a virtual machine with multiple multi core vCPUs?

What two information technology trends helped drive the need for virtualization?