Chapter 10. NTP
Time is inherently important to the function of routers and networks. It provides the only frame of reference between all devices on the network. This makes synchronized time extremely important. Without synchronized time, accurately correlating information between devices becomes difficult, if not impossible. When it comes to security, if you cannot successfully compare logs between each of your routers and all your network servers, you will find it very hard to develop a reliable picture of an incident. Finally, even if you are able to put the pieces together, unsynchronized times, especially between log files, may give an attacker with a good attorney enough wiggle room to escape prosecution.
NTP Overview
The Network Time Protocol (NTP) was first described in RFC 958 and has developed into the standard Internet time synchronization protocol. It is extremely efficient and needs no more than about one packet a minute to synchronize systems on a LAN to within 1 millisecond, and systems across WANs to within about 10 milliseconds.
Without proper time synchronization between your routers, you may not only have trouble with correlating log files, but inaccurate time may also affect your ability to perform accounting, fault analysis, network management, and even time-based AAA authentication and authorization. So good time management is a necessary part of keeping your network healthy and secure.
Tip
While NTP Version 4 is the latest and preferred version of NTP, Cisco routers ...
Get Hardening Cisco Routers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
