NTP (Network Time Protocol)

NTP is a network protocol used to synchronize clocks of computers and devices over packet-switched networks with high accuracy.

What is NTP?

Network Time Protocol (NTP) is a protocol designed to synchronize system clocks across networked devices. Accurate time synchronization is essential for correct operation of distributed systems, security controls, and troubleshooting.

NTP has been in continuous use for decades and is one of the oldest internet protocols still widely deployed.

Why NTP matters

Accurate time is critical because it:

  • Ensures reliable log correlation and auditing
  • Enables correct certificate validation (TLS)
  • Prevents authentication failures (Kerberos, tokens)
  • Supports monitoring, alerting, and forensics
  • Avoids data consistency issues in distributed systems

Incorrect time can break security and operations silently.

How NTP works (simplified)

NTP synchronizes time by:

  1. Querying one or more time servers
  2. Measuring network latency and offset
  3. Adjusting the local clock gradually (slewing)
  4. Maintaining accuracy through periodic updates

NTP uses a hierarchical model to distribute time efficiently.

NTP stratum levels

NTP organizes time sources by stratum:

  • Stratum 0 - reference clocks (GPS, atomic clocks)
  • Stratum 1 - servers directly connected to stratum 0
  • Stratum 2+ - downstream servers and clients

Lower stratum numbers indicate closer proximity to the reference clock.
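
The offset and latency measurement from "How NTP works", combined with the stratum field described above, can be checked on a single request/reply exchange. The following is an added example, not code from the original page; the function names, the 0.5 s max_offset threshold and the sample packets are assumptions made for illustration.

```python
import struct

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(unix):
    """Unix seconds -> (seconds, fraction) of a 64-bit NTP timestamp."""
    whole = int(unix)
    return whole + NTP_DELTA, int((unix - whole) * 2**32)

def parse_reply(packet):
    """Pull the fields a client needs out of the 48-byte NTP header."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes")
    flags, stratum = struct.unpack("!BB", packet[:2])
    # Bytes 24-47 hold the origin, receive and transmit timestamps.
    org_s, org_f, rx_s, rx_f, tx_s, tx_f = struct.unpack("!6I", packet[24:48])
    unix = lambda s, f: s - NTP_DELTA + f / 2**32
    return {"leap": flags >> 6, "mode": flags & 7, "stratum": stratum,
            "origin": (org_s, org_f), "t2": unix(rx_s, rx_f), "t3": unix(tx_s, tx_f)}

def check_reply(packet, t1, t4, max_offset=0.5):
    """Return (offset, delay, problems) for one request/reply exchange.
    t1 = client send time, t4 = client receive time, both on the local clock."""
    r = parse_reply(packet)
    offset = ((r["t2"] - t1) + (r["t3"] - t4)) / 2   # how far the local clock is off
    delay = (t4 - t1) - (r["t3"] - r["t2"])          # round trip minus server processing
    problems = []
    if r["mode"] != 4:                               # 4 = server
        problems.append("not a server reply")
    if r["leap"] == 3 or not 1 <= r["stratum"] <= 15:  # packet stratum 0 or 16: no valid time
        problems.append("server not synchronized")
    # A real client compares against the raw timestamp bytes it actually sent.
    if r["origin"] != to_ntp(t1):
        problems.append("origin timestamp does not match our request")
    if abs(offset) > max_offset:                     # abnormal shift: alert, do not apply
        problems.append("offset exceeds max_offset")
    return offset, delay, problems

def sample_reply(stratum, t1, t2, t3, leap=0):
    """Constructed test packet: version 4, mode 4 (server), poll 6, precision -20."""
    header = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    return header + bytes(20) + struct.pack("!6I", *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))
```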

NTP ports and transport

  • Uses UDP port 123
  • Lightweight and efficient
  • Designed to tolerate packet loss and jitter

Firewalls must allow UDP/123 for NTP to function correctly.

NTP and security

From a security perspective, NTP is important because:

  • Time drift can invalidate certificates and tokens
  • Attackers may attempt time manipulation attacks
  • Unsynchronized systems complicate incident response
  • NTP amplification attacks can be used in DDoS

Secure configuration is essential.

Securing NTP

Best practices include:

  • Using trusted internal NTP servers
  • Restricting NTP access via firewall rules
  • Enabling authentication where supported
  • Monitoring for abnormal time shifts
  • Avoiding direct exposure of NTP servers to the internet

In enterprise environments, time is often centralized.

NTP in enterprise environments

Organizations use NTP to:

  • Synchronize servers, endpoints, and network devices
  • Maintain compliance and audit accuracy
  • Support identity and authentication systems
  • Enable reliable troubleshooting and forensics

NTP is a foundational dependency for many services.

Common misconceptions

  • "Small time differences don't matter"
  • "NTP is only needed on servers"
  • "NTP synchronizes instantly"
  • "Any public NTP server is safe to use"