Keeping a Windows 7 Network Secure, Reliable and Accurate

Keeping a Windows 7 Network Secure, Reliable and Accurate
http://news.cnet.com/i/bto/20081106/WinHEC_027_610x406.JPG

Many modern computer networks are now running Microsoft's latest operating system Window 7, which has many new and improved features including the ability to synchronise time.

When a Windows 7 machine is booted up, unlike previous incarnations of Windows, the operating system automatically attempts to synchronise to a time server across the internet to ensure the network is running accurate time. However, while this facility is often useful for residential users, for business networks it can cause many problems.

Firstly, to allow this synchronisation process to happen, the company firewall must have an open port (UDP 123) to allow the regular time transference. This can cause security issues as malicious users and bots can take advantage of the open port to penetrate into the company network.

Secondly, while the internet time servers are often quite accurate, this can often depend on your distance from the host, and any latency caused by network or internet connection can further cause inaccuracies meaning that you system can often be more than several seconds away from the preferred UTC time (Coordinated Universal Time).

Finally, as internet time sources are stratum 2 devices, that is they are servers that do not receive a first-hand time code, but instead receive a second hand source of time from a stratum 1 device (dedicated NTP time server – Network Time Protocol) which also can lead to inaccuracy – these stratum 2 connections can also be very busy preventing your network from accessing the time for prolonged periods risking drifting.

To ensure accurate, reliable and secure time for a Windows 7 network, there is really no substitute than to use your own stratum 1 NTP time server. These are readily available from many sources and are not very expensive but the peace of mind they provide is invaluable.

Stratum 1 NTP time servers receive a secure time signal direct from an atomic clock source. The time signal is external to the network so there is no danger of it being hijacked or any need to have open ports in the firewall.

Furthermore, as the time signals come from a direct atomic clock source they are very accurate and don't suffer any latency problems. The signals used can be either through GPS (Global Positioning System satellites' have onboard atomic clocks) or from radio transmissions broadcast by national physics laboratories such as NIST in the USA (broadcast from Colorado), NPL in the UK (transmitted form Cumbria) or their German equivalent (from Frankfurt).
Loading...