Network Time Protocol (NTP)

The Network Time Protocol (NTP) allows for time synchronization of equipment on the network. As commonly used, one router is set as the master to which other devices look for the current time. If the current time is different than the time received from the master time device, the time is adjusted accordingly. The master device also looks at a known time source. This time source may be a local device, a radio device connected locally, or a publicly available device on the Internet. Cisco's implementation of NTP allows for the delay that the packet carrying the current time experiences while crossing the Internet. By having all the devices synchronized to one clock, understanding an outage on a network is easier. By examining logs that have been time-stamped by one common time, the order in which events occurred can be determined, and the outage thus isolated to the proper culprit.

A device that uses radio to get the current time is the safest from a network security perspective. This is illustrated in Figure 2-6. Using this method, no NTP services are expected or accepted over the Internet.

Figure 2-6. Using NTP Through a Radio Device


If the router gets NTP times from an Internet source, as shown in Figure 2-7, you need to open up your network to the Internet for this protocol. This is an accepted method because NTP does not usually pose a large threat to most networks. However, some precautions should be taken. When you are using NTP services, use MD5 hashing to authenticate the issuer of the NTP packets.

Figure 2-7. Using NTP Through a Network Device

When you are not using NTP, specifically turn NTP off with the following interface command:

no ntp enable

You should recommend that a single router be used to gain the current time and that internal routers look to this master for the time. This not only is the way in which NTP was designed to be used, but also exposes only a single router to any threat through NTP.
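How the MD5 authentication recommended above protects a client from a forged time source, as an added example that is not code from the book or from Cisco: NTP symmetric-key authentication appends a 32-bit key ID and an MD5 digest of the shared secret followed by the packet header, and the client accepts time only when that digest verifies under a key it trusts. The key table, sample header, and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48        # fixed NTP header
MAC_LEN = 4 + 16       # 32-bit key ID + 128-bit MD5 digest

# Constructed values: placeholder key table and a minimal server-mode header
# (LI=0, VN=3, Mode=4, stratum 2, poll 6, precision -20, remaining fields zero).
TRUSTED_KEYS = {1: b"example-shared-secret"}
SAMPLE_HEADER = bytes([0x1C, 2, 6, 0xEC]) + bytes(44)


def md5_digest(key, header):
    """Keyed MD5 as used by NTP symmetric keys: MD5(secret || header)."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, key):
    """Append the authenticator (key ID + digest) the time source would send."""
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


def verify(packet, trusted=TRUSTED_KEYS):
    """Client-side check; packets with extension fields are out of scope here."""
    if len(packet) == HEADER_LEN:
        return "reject: no authenticator"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "reject: malformed length"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    key = trusted.get(key_id)
    if key is None:
        return "reject: untrusted key id"
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(mac[4:], md5_digest(key, header)):
        return "reject: bad digest"
    return "accept"


if __name__ == "__main__":
    good = sign(SAMPLE_HEADER, 1, TRUSTED_KEYS[1])
    tampered = bytes([good[0], 1]) + good[2:]   # stratum altered in transit
    for name, pkt in [("signed", good), ("unsigned", SAMPLE_HEADER),
                      ("tampered", tampered)]:
        print(name, "->", verify(pkt))
```

A client that enforces authentication must take the "reject: no authenticator" branch for unsigned replies; accepting them would let any host that can reach the router supply its time.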
