1 00:00:00,000 --> 00:00:01,589 In this lesson, we're going to talk 2 00:00:01,589 --> 00:00:03,570 about the network time protocol. 3 00:00:03,570 --> 00:00:06,240 The network time protocol, also known as NTP, 4 00:00:06,240 --> 00:00:08,640 is a networking protocol that's used for the synchronization 5 00:00:08,640 --> 00:00:10,499 of clocks between different computer systems 6 00:00:10,499 --> 00:00:12,570 that communicate over a packet-switched, 7 00:00:12,570 --> 00:00:14,670 variable-latency data network. 8 00:00:14,670 --> 00:00:17,880 TCP/IP networks are considered packet-switched networks. 9 00:00:17,880 --> 00:00:19,710 So network time protocol is going to be used 10 00:00:19,710 --> 00:00:21,090 for the synchronization of time 11 00:00:21,090 --> 00:00:23,550 across our IP connected servers. 12 00:00:23,550 --> 00:00:26,040 Now, NTP is a really old protocol. 13 00:00:26,040 --> 00:00:28,320 In fact, it's one of the older internet protocols 14 00:00:28,320 --> 00:00:30,390 that's still commonly used today. 15 00:00:30,390 --> 00:00:35,390 NTP sends out its data using UDP packets using port 123. 16 00:00:35,760 --> 00:00:39,390 The most current version of NTP is NTP version four, 17 00:00:39,390 --> 00:00:41,820 which was released back in 2010. 18 00:00:41,820 --> 00:00:44,580 Now, NTP is really important in our computer network 19 00:00:44,580 --> 00:00:47,640 because it ensures we're all using the exact same time. 20 00:00:47,640 --> 00:00:49,380 In fact, NTP is designed 21 00:00:49,380 --> 00:00:51,870 to synchronize the clocks on all participating computers 22 00:00:51,870 --> 00:00:54,550 to within a few milliseconds of the UTC 23 00:00:54,550 --> 00:00:57,300 or coordinated universal time.
24 00:00:57,300 --> 00:00:59,280 Now, you can have an internal NTP server 25 00:00:59,280 --> 00:01:01,590 within your network, which is usually going to be more accurate 26 00:01:01,590 --> 00:01:03,120 within a few milliseconds, 27 00:01:03,120 --> 00:01:05,880 or you can use an external NTP server 28 00:01:05,880 --> 00:01:07,770 that is publicly available on the internet, 29 00:01:07,770 --> 00:01:10,455 but this will only be accurate to within about tens 30 00:01:10,455 --> 00:01:12,630 of milliseconds instead. 31 00:01:12,630 --> 00:01:15,480 Now, the reason that using NTP is so important is that many 32 00:01:15,480 --> 00:01:18,660 of our security protocols will rely on reliable time 33 00:01:18,660 --> 00:01:20,430 for things to work properly. 34 00:01:20,430 --> 00:01:22,860 For example, if the time between your workstation 35 00:01:22,860 --> 00:01:25,590 and your server are off by more than about five minutes, 36 00:01:25,590 --> 00:01:27,720 you can get an error that prevents you from even logging 37 00:01:27,720 --> 00:01:29,066 into that domain controller. 38 00:01:29,066 --> 00:01:31,800 So, how does NTP work? 39 00:01:31,800 --> 00:01:33,360 Well, to learn how it works, we need 40 00:01:33,360 --> 00:01:36,180 to talk about three different components, the stratum, 41 00:01:36,180 --> 00:01:38,190 the clients, and the servers. 42 00:01:38,190 --> 00:01:40,110 NTP is designed to use a hierarchical, 43 00:01:40,110 --> 00:01:42,630 semi-layered system of time sources. 44 00:01:42,630 --> 00:01:45,570 Each layer in this hierarchy is known as a stratum. 45 00:01:45,570 --> 00:01:46,847 As with most things in computers, 46 00:01:46,847 --> 00:01:49,890 we start counting out our stratum by beginning with one 47 00:01:49,890 --> 00:01:51,789 and then incrementing upward by one each time 48 00:01:51,789 --> 00:01:54,270 as we go further down the hierarchy.
49 00:01:54,270 --> 00:01:55,887 So if you're in stratum zero, 50 00:01:55,887 --> 00:01:58,440 this is going to be the most precise timekeeping devices 51 00:01:58,440 --> 00:01:59,367 that we have access to, 52 00:01:59,367 --> 00:02:02,370 which includes things like the atomic clock, GPS, 53 00:02:02,370 --> 00:02:03,687 and other very accurate devices 54 00:02:03,687 --> 00:02:06,990 that generate a pulse per second as a trigger to interrupt 55 00:02:06,990 --> 00:02:09,690 and create a timestamp on a connected computer. 56 00:02:09,690 --> 00:02:13,140 These stratum zero clocks are known as our reference clocks. 57 00:02:13,140 --> 00:02:14,160 It's really important to note 58 00:02:14,160 --> 00:02:16,618 that an NTP server cannot be considered themselves 59 00:02:16,618 --> 00:02:18,780 to be at stratum zero, 60 00:02:18,780 --> 00:02:21,660 and they must use one of these reference clocks instead. 61 00:02:21,660 --> 00:02:24,420 So the first NTP servers we have in our hierarchy 62 00:02:24,420 --> 00:02:26,400 are going to start at stratum one, 63 00:02:26,400 --> 00:02:28,385 which is any computer whose system time is synchronized 64 00:02:28,385 --> 00:02:29,935 to within a few microseconds 65 00:02:29,935 --> 00:02:32,520 of an attached stratum zero device. 66 00:02:32,520 --> 00:02:33,379 To verify their time, 67 00:02:33,379 --> 00:02:35,550 these stratum one servers can also pair 68 00:02:35,550 --> 00:02:38,850 with other stratum one servers to verify they are accurate. 69 00:02:38,850 --> 00:02:40,500 These stratum one servers are known 70 00:02:40,500 --> 00:02:42,720 as the primary time servers. 71 00:02:42,720 --> 00:02:44,539 Our next set of NTP servers we have 72 00:02:44,539 --> 00:02:46,410 are known as stratum two. 73 00:02:46,410 --> 00:02:48,300 A stratum two server is connected 74 00:02:48,300 --> 00:02:50,460 and synchronized to a stratum one server.
75 00:02:50,460 --> 00:02:53,040 Often, a stratum two server is going to be configured 76 00:02:53,040 --> 00:02:54,691 to query multiple stratum one servers 77 00:02:54,691 --> 00:02:56,490 to ensure it always has a stable 78 00:02:56,490 --> 00:02:58,830 and robust time to provide to the other devices 79 00:02:58,830 --> 00:03:00,600 inside of its peer group. 80 00:03:00,600 --> 00:03:03,180 The next level we move into is stratum three 81 00:03:03,180 --> 00:03:05,640 and stratum three servers are going to be synchronized upward 82 00:03:05,640 --> 00:03:07,650 back to those stratum two servers. 83 00:03:07,650 --> 00:03:10,350 This pattern continues with stratum four, connecting back 84 00:03:10,350 --> 00:03:12,330 to stratum three, and so on. 85 00:03:12,330 --> 00:03:14,400 Each time though, we're going to add a little bit more delay, 86 00:03:14,400 --> 00:03:15,810 and this becomes further 87 00:03:15,810 --> 00:03:17,790 and further from stratum zero, which had 88 00:03:17,790 --> 00:03:19,770 that precise time from the atomic clock 89 00:03:19,770 --> 00:03:21,990 or GPS that we began with. 90 00:03:21,990 --> 00:03:23,820 Now, there is a limit to how many layers 91 00:03:23,820 --> 00:03:28,470 or stratum we can actually use in NTP, and that limit is 15. 92 00:03:28,470 --> 00:03:30,731 Now, if something is classified as stratum 16, 93 00:03:30,731 --> 00:03:33,800 this indicates that that device is truly unsynchronized 94 00:03:33,800 --> 00:03:36,660 according to the algorithm and the protocol. 95 00:03:36,660 --> 00:03:38,700 Now, what does all this look like if you're going to use it 96 00:03:38,700 --> 00:03:40,251 inside your enterprise networks?
97 00:03:40,251 --> 00:03:42,960 Well, normally, you're going to connect a time server 98 00:03:42,960 --> 00:03:45,660 to your network, or you'll run a time service on something 99 00:03:45,660 --> 00:03:46,860 like your domain controller 100 00:03:46,860 --> 00:03:49,290 with a dedicated hardware reference clock. 101 00:03:49,290 --> 00:03:50,910 This will be at one of the stratum levels 102 00:03:50,910 --> 00:03:52,350 that we just discussed, depending on 103 00:03:52,350 --> 00:03:53,758 how far away from stratum zero, 104 00:03:53,758 --> 00:03:56,820 that precise time source you actually are. 105 00:03:56,820 --> 00:03:59,040 Then you'll install a piece of client software 106 00:03:59,040 --> 00:04:01,710 on each workstation to interface with your server. 107 00:04:01,710 --> 00:04:03,211 If you're using the Windows operating system, 108 00:04:03,211 --> 00:04:05,700 it already has this functionality built into all 109 00:04:05,700 --> 00:04:08,220 of its workstations, and your domain controller will run 110 00:04:08,220 --> 00:04:11,010 the NTP service to act as the time source at one 111 00:04:11,010 --> 00:04:13,591 of those stratum levels for all of your workstations. 112 00:04:13,591 --> 00:04:17,190 Now, as I mentioned before, NTP is a very old protocol, 113 00:04:17,190 --> 00:04:20,490 and it was first developed all the way back in the 1980s. 114 00:04:20,490 --> 00:04:22,860 But there are two newer protocols that we can also use 115 00:04:22,860 --> 00:04:24,399 to coordinate time on our systems, 116 00:04:24,399 --> 00:04:27,900 and these help fix some of the weaknesses in NTP. 117 00:04:27,900 --> 00:04:30,381 These two protocols are known as the precision time protocol 118 00:04:30,381 --> 00:04:33,360 and the network time security protocol. 119 00:04:33,360 --> 00:04:36,030 First, we have the Precision Time Protocol. 
120 00:04:36,030 --> 00:04:38,630 The Precision Time Protocol, also known as PTP, 121 00:04:38,630 --> 00:04:40,920 is a protocol used to synchronize clocks 122 00:04:40,920 --> 00:04:43,710 throughout a computer network. On a local area network, 123 00:04:43,710 --> 00:04:45,300 it's going to achieve clock accuracy 124 00:04:45,300 --> 00:04:46,783 in the sub-microsecond range, 125 00:04:46,783 --> 00:04:49,380 which really makes this significantly more accurate 126 00:04:49,380 --> 00:04:52,320 than the older NTP was for our systems. 127 00:04:52,320 --> 00:04:54,750 The precision time protocol is ideal for networks 128 00:04:54,750 --> 00:04:56,730 that require precise timekeeping such 129 00:04:56,730 --> 00:04:58,212 as those in financial trading systems 130 00:04:58,212 --> 00:05:00,510 or industrial automation systems. 131 00:05:00,510 --> 00:05:02,070 The precision time protocol 132 00:05:02,070 --> 00:05:04,320 operates using a primary-secondary architecture 133 00:05:04,320 --> 00:05:05,910 for clock synchronization. 134 00:05:05,910 --> 00:05:08,193 The primary clock will send precise time messages 135 00:05:08,193 --> 00:05:10,933 and the secondary clocks will adjust themselves to align 136 00:05:10,933 --> 00:05:13,230 with the primary clock by considering factors 137 00:05:13,230 --> 00:05:16,560 like the message transmission times and network delays. 138 00:05:16,560 --> 00:05:19,860 Second, we have the network time security protocol. 139 00:05:19,860 --> 00:05:22,140 Now, the network time security protocol, also known 140 00:05:22,140 --> 00:05:24,131 as the NTS, is actually an extension 141 00:05:24,131 --> 00:05:27,720 of the older NTP protocol that we talked about before, 142 00:05:27,720 --> 00:05:29,531 and it was developed to provide cryptographic security 143 00:05:29,531 --> 00:05:31,170 for the time synchronization 144 00:05:31,170 --> 00:05:33,651 that's being provided by those NTP servers.
145 00:05:33,651 --> 00:05:36,330 As NTP has been known to be vulnerable to various types 146 00:05:36,330 --> 00:05:38,393 of attack, including on-path attacks, 147 00:05:38,393 --> 00:05:40,890 the network time security protocol was developed 148 00:05:40,890 --> 00:05:43,647 to add a layer of security by authenticating the time source 149 00:05:43,647 --> 00:05:45,180 and the integrity of the time 150 00:05:45,180 --> 00:05:47,220 that's being received from that server. 151 00:05:47,220 --> 00:05:49,590 Now, the network time security protocol is going to use 152 00:05:49,590 --> 00:05:51,660 a combination of the transport layer security 153 00:05:51,660 --> 00:05:54,360 or TLS as well as the authenticated encryption 154 00:05:54,360 --> 00:05:57,480 with associated data or AEAD to ensure 155 00:05:57,480 --> 00:06:00,051 that the time synchronization process is really secure 156 00:06:00,051 --> 00:06:02,610 and that the time source is authenticated in order 157 00:06:02,610 --> 00:06:05,430 to prevent malicious tampering with our time information. 158 00:06:05,430 --> 00:06:07,028 So remember, while the network time protocol 159 00:06:07,028 --> 00:06:09,079 is an essential protocol for synchronizing 160 00:06:09,079 --> 00:06:11,908 the time across multiple computer systems in a network, 161 00:06:11,908 --> 00:06:13,470 it is not the only tool we have 162 00:06:13,470 --> 00:06:15,780 in our timekeeping toolbox. 163 00:06:15,780 --> 00:06:17,880 As our networks grow and our needs for precision 164 00:06:17,880 --> 00:06:21,070 and security evolve, we had to add new protocols like PTP 165 00:06:21,070 --> 00:06:22,800 and NTS to be able 166 00:06:22,800 --> 00:06:25,290 to provide enhanced accuracy and security.
167 00:06:25,290 --> 00:06:26,670 Precision Time Protocol 168 00:06:26,670 --> 00:06:29,310 offers a higher precision timekeeping solution for scenarios 169 00:06:29,310 --> 00:06:30,940 where every microsecond is going to count, 170 00:06:30,940 --> 00:06:33,510 and the network time security protocol ensures 171 00:06:33,510 --> 00:06:35,970 that our time synchronization processes are secure 172 00:06:35,970 --> 00:06:37,500 from malicious interference. 173 00:06:37,500 --> 00:06:39,450 By understanding and leveraging these protocols 174 00:06:39,450 --> 00:06:41,610 more effectively, we can maintain precise 175 00:06:41,610 --> 00:06:44,073 and secure timekeeping across all of our network systems 176 00:06:44,073 --> 00:06:46,146 to ensure that everything from security protocols 177 00:06:46,146 --> 00:06:48,510 and transaction logging all the way over 178 00:06:48,510 --> 00:06:50,546 to system troubleshooting and network optimization 179 00:06:50,546 --> 00:06:53,493 are all occurring using the proper network time.