Symmetricom
 
 
ThinkSync! e-Newsletter, June 2010

TIME & SECURITY - NETWORK ATTACKS ON THE RISE


We all hear about the big breaches in network security. Just this month, a security breach exposed 114,000 iPad owners, including dozens of CEOs, military officials, and top politicians. Luckily, the hacking group did it to expose the security hole, so it appears there was little fallout except embarrassment. Earlier, in January, Google considered shutting down its operations in China, citing, among other things, assaults from hackers.
 
But lest you feel that breaches in network security only happen to others, here’s something else to think about. In 2009 there were over 100 attacks on computers per second globally. There was also a 71% increase in malware (malicious software) over 2008. These figures come from Symantec’s 2009 Security Report, which was released in April of 2010. The report also gives IT administrators more to think about: 75 percent of enterprises surveyed experienced some form of cyber attack in 2009, showing that this issue is not limited to a few larger enterprises. And still IT networks risk everything by accessing time from the Internet.
 
Remember SoBig?
Back in August of 2003, many computer networks used Internet-based time servers to keep their systems synchronized. The problem was that whenever they would access the time, they left Port 123 open in their firewalls. Even though this was a tiny opening, it was big enough to enable the SoBig.F worm to do its dirty work. If Port 123 were closed, SoBig.F wouldn’t have been able to determine the accurate time, which would have prevented the nefarious files from being downloaded. In the end, the SoBig.F worm caused approximately $29.7 billion in economic damage worldwide. Lesson learned: close Port 123 and install a network time server.
 
 
The More Precise, The More Secure
Unfortunately, as long as there is something to gain from the information in IT networks, security breaches will not go away. Authentication systems try to stay at least one step ahead, and precise synchronization plays an important role in their effectiveness. Many of these systems require some level of time synchronization between the client machine requesting access and the server that grants it. When the two aren’t within an allowable time difference, access can be denied. If the allowable time differential is measured in minutes, that gives way too much time for a hacker to find a way in. The smaller the time differential, the less vulnerability to replay attacks. And small time windows are only possible with the kind of synchronization available from highly precise time servers.
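The trade-off described above, as an added Python example that is not Symmetricom's code or any product's actual protocol: a server accepts a timestamped, HMAC-protected request only if the client's timestamp is within an allowed skew of the server clock. The key, user name, clock values and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, illustration only

def make_request(user: str, client_clock: float) -> dict:
    """Client side: stamp the request with the client's clock and MAC it."""
    msg = f"{user}|{client_clock:.3f}".encode()
    mac = hmac.new(KEY, msg, hashlib.sha256).hexdigest()
    return {"user": user, "ts": client_clock, "mac": mac}

def verify(req: dict, server_clock: float, max_skew: float) -> bool:
    """Server side: check the MAC, then require |server - client| <= max_skew."""
    msg = f"{req['user']}|{req['ts']:.3f}".encode()
    expected = hmac.new(KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, req["mac"]):
        return False  # altered or forged request
    return abs(server_clock - req["ts"]) <= max_skew

def outcomes(client_offset: float, replay_delay: float, max_skew: float) -> tuple:
    """Return (legit_accepted, replay_accepted) for one scenario.

    client_offset: client clock minus server clock, in seconds
    replay_delay:  seconds between the first use and the re-presented copy
    """
    t0 = 1_275_000_000.0  # constructed server time at first use
    req = make_request("alice", t0 + client_offset)
    legit = verify(req, t0, max_skew)
    replay = verify(req, t0 + replay_delay, max_skew)  # same bytes, sent later
    return legit, replay

if __name__ == "__main__":
    scenarios = [
        ("5 min window, client 40 s off", 40.0, 120.0, 300.0),
        ("2 s window, client synced to 1 ms", 0.001, 120.0, 2.0),
        ("2 s window, client 40 s off", 40.0, 120.0, 2.0),
    ]
    for label, offset, delay, window in scenarios:
        legit, replay = outcomes(offset, delay, window)
        print(f"{label}: legitimate={legit} replay_after_{delay:.0f}s={replay}")
```

The third scenario is why the tight window depends on synchronization: without it, the legitimate client is rejected along with the replay. A copy re-sent inside the window is still accepted by this check alone, so the window bounds replay exposure rather than eliminating it.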
 
Security After the Fact
We live in a real world where network break-ins do occur. When this does happen, precise time synchronization is your friend during the investigation. Forensic experts examine various network device logs, such as those from firewalls, routers and servers. Critical to their success is being able to follow the hacker’s path, and the only way they can follow it is by observing the time stamps on the log files. If everything in the network is precisely synchronized, the investigation will go quickly, but if devices are out of sync, the process becomes lengthy.
 
Some Time Security Best Practices
Keeping your network in sync without exposing it to security risk is actually quite simple.
 
  • The first step is to install a precise time server that sits behind the firewall.
  • Next, have this time server synchronize with GPS satellite clocks, thus assuring that your systems are accurate to within approximately one millionth of a second of UTC.
  • Keep the management port IP address private or exclusive. On time servers like Symmetricom’s SyncServer S300, there are enough ports that you can serve time throughout the network through more than one port (redundancy) and save one for the private use of management only.
  • Always change the factory set password. Use RADIUS secure access authentication if available.
  • Use access control lists on one or more ports to block unauthorized IP addresses.
  • For SyncServer S300 and S350 time servers, lock out front panel keypad access to prevent unauthorized changes.
 
To find out more about how we can help make your IT network more secure as hackers and their ilk continue their daily attacks, visit our NTP Network Appliances.

© 2012 Symmetricom. All Rights Reserved