
TimeTools

GPS NTP Network Time Servers and Time Synchronization Solutions


Simple Steps to Improve NTP Server Security

March 8, 2018 by Editorial Staff

There are a number of simple steps that can be carried out to improve the security of an NTP server.

1. Change Default Password

The NTP appliance is provided with a default password. This should be changed as soon as possible to a complex string of characters. Passwords should be kept secret and only provided to network administrators.

 

2. Apply NTP Daemon Restrictions

Apply default restrictions to the NTP daemon to prevent possible misuse by hosts on your LAN. Consider adding restrictions to prevent host modification of NTP settings, querying of NTP settings, ntpdc control message protocol traps and peer associations being formed.

The following lines can be added to the “NTP Additional Configuration File” on the device's “NTP” configuration web page.

For IPv4 devices (e.g. TimeTools SR series NTP servers) add the following restrictions:

#-------------------------------------------------
# Give localhost full access rights (required):
restrict 127.0.0.1 nomodify

# Prevent remote querying IPv4
restrict default limited kod nomodify notrap nopeer noquery 
#-------------------------------------------------

 

For IPv4 and IPv6 enabled devices (e.g. TimeTools T-series NTP servers) add the following restrictions:

#-------------------------------------------------
# Give localhost full access rights (required):
restrict 127.0.0.1 nomodify

# Prevent remote querying IPv4
restrict default limited kod nomodify notrap nopeer noquery

# Give IPv6 localhost full access rights (required):
restrict 0::1 nomodify

# Prevent remote querying IPv6
restrict -6 default limited kod nomodify notrap nopeer noquery
#-------------------------------------------------
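
To confirm that a configuration still carries these restrictions after later edits, the default rules can be checked with a short script. This is an added example, not TimeTools code: the function names and the sample text are constructed, and it assumes a `restrict default` line without `-6` counts as the IPv4 rule, as in the layout above.

```python
# Added example: audit ntp.conf-style text for the default restrictions
# recommended above. Function names and SAMPLE are illustrative (constructed).
REQUIRED = {"limited", "kod", "nomodify", "notrap", "nopeer", "noquery"}

def parse_restrict(line):
    """Return (family, address, flags) for a 'restrict' line, else None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    tokens = tokens[1:]
    family = "ipv4"  # assumption: a bare rule is IPv4, as in the page's layout
    if tokens[0] in ("-4", "-6"):
        family = "ipv6" if tokens[0] == "-6" else "ipv4"
        tokens = tokens[1:]
    if not tokens:
        return None
    address, flags = tokens[0], set(tokens[1:])
    if ":" in address:  # literal IPv6 address such as 0::1
        family = "ipv6"
    return family, address, flags

def audit(conf_text, ipv6=True):
    """Map each address family to the flags missing from its default rule."""
    defaults = {}
    for line in conf_text.splitlines():
        parsed = parse_restrict(line)
        if parsed and parsed[1] == "default":
            defaults[parsed[0]] = parsed[2]
    families = ["ipv4", "ipv6"] if ipv6 else ["ipv4"]
    return {f: sorted(REQUIRED - defaults.get(f, set())) for f in families}

# Constructed sample: the IPv6 default rule has lost 'limited' and 'noquery'.
SAMPLE = """\
restrict 127.0.0.1 nomodify
restrict default limited kod nomodify notrap nopeer noquery
restrict 0::1 nomodify
restrict -6 default kod nomodify notrap nopeer
"""

if __name__ == "__main__":
    for family, missing in audit(SAMPLE).items():
        status = "OK" if not missing else "missing: " + " ".join(missing)
        print(f"{family} default rule -> {status}")
```

For an IPv4-only device, call `audit(text, ipv6=False)` so that the absence of a `-6` rule is not reported.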

 

3. Use NTP Authentication

Use NTP MD5 authentication where possible. With NTP authentication, the client and server are configured with matching keys, and the client uses them to check that time packets come from the expected server. It is entirely optional, so devices that do not support it can still obtain time from the NTP server.
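
How the matching keys are used, as an added example that is not TimeTools code: in the classic NTP symmetric-key scheme, the sender appends a 4-byte key ID and MD5(key || packet) to the 48-byte NTP header, and the receiver recomputes the digest with its own copy of the key. The key value, key ID and function names below are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # basic NTP header
MAC_LEN = 4 + 16  # key ID + MD5 digest

def ntp_mac(key: bytes, key_id: int, packet: bytes) -> bytes:
    """Return key ID (big-endian) followed by MD5(key || packet)."""
    return struct.pack("!I", key_id) + hashlib.md5(key + packet).digest()

def is_authentic(keys: dict, message: bytes) -> bool:
    """Recompute the MAC with the local copy of the key and compare."""
    if len(message) != HEADER_LEN + MAC_LEN:
        return False  # no MAC present (unauthenticated packet) or malformed
    packet, mac = message[:HEADER_LEN], message[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return False  # key ID not configured on this side
    return hmac.compare_digest(ntp_mac(key, key_id, packet), mac)

# Constructed data: one shared key and a minimal client request
# (first byte 0x23 = LI 0, version 4, mode 3; remaining fields zero).
KEYS = {1: b"constructed-shared-key"}
REQUEST = bytes([0x23]) + bytes(47)

if __name__ == "__main__":
    signed = REQUEST + ntp_mac(KEYS[1], 1, REQUEST)
    tampered = bytes([signed[0]]) + b"\x01" + signed[2:]
    forged = REQUEST + ntp_mac(b"wrong-key", 1, REQUEST)
    print("matching key :", is_authentic(KEYS, signed))
    print("tampered     :", is_authentic(KEYS, tampered))
    print("wrong key    :", is_authentic(KEYS, forged))
    print("no MAC       :", is_authentic(KEYS, REQUEST))
```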

 

4. Disable Protocols

Disable all unnecessary protocols. Once an NTP server has been configured, many protocols can be disabled.

For very sensitive installations, consider disabling all protocols – HTTPS, HTTP, SSH, FTP, Telnet. Then monitor the device using an RS232 serial console hardware connection to a local PC.

SNMP traps or Remote Syslogging can also be used for monitoring, if available.

Protocols can be disabled from the device's “Network” configuration web page.

 

5. Use RS232 Serial Console Port For Configuration and Monitoring

The RS232 Serial Console Port allows the NTP server to be monitored or configured via a physical RS232 serial link to a local PC running a dumb terminal emulator. Using the console port for monitoring and configuration requires physical access to the device and is considered more secure than network protocols.

Securing an NTP server using an RS232 serial connection

6. Isolate and Protect Network

Isolate the network on which the NTP server is installed from the Internet or use a firewall.

About Andrew Shinton
Andrew Shinton is the joint founder and Managing Director of TimeTools Limited. He has a BSc (Hons) degree in Computer Science. Andrew has over 20 years' experience of GPS systems and Network Time Protocol (NTP) in the Time and Frequency Industry.
