Time synchronization between all systems is important for logging, certain authentication methods, and for other system administration purposes. Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP) can be used to synchronize time across systems on a network. A typical configuration involves the use of a few authoritative time-servers that all other systems sync to. These authoritative servers should be connected to a highly accurate time source such as a stratum 1 or stratum 2 time-server feed by GPS or in extreme cases an atomic clock. The most important consideration is that all the machine agree on the time, so even if a stratum 1 or 2 source is not available, sync to the most accurate time source possible and have all systems sync to that source.
It is important that the time be synchronized across the network so that all the logs can be correlated, and the events happen in the correct order. This is important for security incident investigations as the sequence of events can reveal a great deal of information and the wrong sequence could lead the investigators in a wrong direction.
Time synchronization is also important for authentication protocols such as Kerberos and the Windows derivative Active Directory (AD). There is typically a 5-minute window of time in which tokens used in the authentication process are valid for. Over time, it is possible that a machine’s time could drift more than 5 minutes from the time on the Kerberos Domain Controller or Windows Active Directory Domain Controller. If this happens, users with AD account will not be able to log into the system and a local admin account will need to be used to fix the time issue.
It is expected that all networks have at least two authoritative time-servers that are directly connected to a highly accurate time source or are connected to a stratum 1 time-server. All systems including desktops, laptop, servers, network device, and every thing else is synchronized to these servers. If there are network security concerns, it may be acceptable to establish a set of stratum 2 time-servers that synchronize to the stratum 1 servers for certain network enclaves.