[ntp:questions] General ntp architecture question

Ryan Malayter malayter at gmail.com
Mon Aug 2 21:52:54 UTC 2010

On Mon, Aug 2, 2010 at 12:27 PM, Terje Mathisen <"terje.mathisen at
tmsw.no"@ntp.org> wrote:
> unruh wrote:
>> On 2010-08-02, konsu<konrad.azzopardi at gmail.com>  wrote:
>>> Thanks for your answers. Actually I do not know what are the criteria
>>> to consider in deciding time requirements. This is a bank , we will
>>> deploy VOIP soon and we have some dealers connected to reuters
>>> network  {I am checking whether they have their own time sync}....so
>>> for the rest, I do not see any reason why synchronization to the
>>> internet would be an issue.
>> BEcause financial transactions are often time sensitive. It would be
>> embarassing if your clocks were 7 hours off, and some crooks knew this.
>> I suspect you could be thoroughly defrauded if that were the case.
> Much worse:
> If you have any kind of trading department, then it is almost certainly a
> requirement to have an auditable UTC clock reference.

Even if you don't have a trading desk, you are still likely bound by
PCI requirements for servicing debit and credit card transactions.
These apply to all systems within the card data environment (which is
essentially everything that can access a system where card data is
held, no matter how indirectly.) The relevant audit questions are in
section 10.4:

10.4  Synchronize all critical system clocks and times
   Obtain and review the process for acquiring and distributing the
correct time within the organization, as well as the time-related
system-parameter settings for a sample of system components, critical
servers, and wireless access points. Verify the following is included
in the process and implemented:

10.4.a Verify that NTP or similar technology is used for time synchronization

10.4.b Verify that internal servers are not all receiving time signals
from external sources. [Two or three central time servers within the
organization receive external time signals [directly from a special
radio, GPS satellites, or other external sources based on
International Atomic Time and UTC (formerly GMT)], peer with each
other to keep accurate time, and share the time with other internal

10.4.c Verify that the Network Time Protocol (NTP) is running the most
recent version

10.4.d Verify that specific external hosts are designated from which
the time servers will accept NTP time updates (to prevent an attacker
from changing the clock). Optionally, those updates can be encrypted
with a symmetric key, and access control lists can be created that
specify the IP addresses of client machines that will be provided with
the NTP service (to prevent unauthorized use of internal time
See www.ntp.org for more information"

> I suggest you do as Rob and David suggest, i.e. get yourself one or more
> GPS-based Stratum 1 clocks, then define 4-6 primary servers which use
> this/these GPS clocks plus a few internet servers as backup.

Agreed. This is really a must-have for any financial services
organization, and has been for a very long time. Once upon a time the
mainframes dialed direct into NIST or USNO, but now internally
managed, NTP-accessed GPS units (with redundancy) are all I have seen
in the last decade.


More information about the questions mailing list