What is NTP and why is it important for security?
D4 ยท Operations ยท CompTIA Security+ SY0-701NTP (Network Time Protocol) synchronizes the clocks of computer systems over a network, ensuring all devices have consistent, accurate time. Security relevance of accurate time:
๐ Log correlation โ matching events across systems requires accurate timestamps
๐ซ Kerberos โ requires clocks within 5 minutes or authentication fails
๐ Digital certificates โ validity periods depend on accurate time
๐ Replay attack prevention โ timestamps identify stale requests
NTP security risks: NTP amplification DDoS, NTP spoofing (falsifying time to disrupt Kerberos).
๐ Log correlation โ matching events across systems requires accurate timestamps
๐ซ Kerberos โ requires clocks within 5 minutes or authentication fails
๐ Digital certificates โ validity periods depend on accurate time
๐ Replay attack prevention โ timestamps identify stale requests
NTP security risks: NTP amplification DDoS, NTP spoofing (falsifying time to disrupt Kerberos).
NTP runs on UDP port 123. If Kerberos authentication suddenly fails across an organization, suspect a time synchronization issue. NTPsec and authenticated NTP protect against NTP spoofing. Accurate time is foundational infrastructure โ often overlooked but critical for security operations.