Time is critical when it comes to
security. Logs, access time, and authentication all need to
exhibit the precise time if they're going to work correctly. And
synchronization of that time across your enterprise is vital.
If you operate a network in the United States, impending changes
to Daylight Saving Time (DST), courtesy of the
Energy Policy Act of 2005, is going to affect your
operations. Let's look at what these changes entail.
What's the problem?
Most of us are familiar with the DST rule of thumb: Spring
forward, Fall back. While the concept will remain the same, the
details are changing this year.
Previously, DST began on the first Sunday of April and ended
on the last Sunday of October. This year, thanks to an energy
bill President Bush signed in August 2005, DST begins three
weeks earlier on March 11. (DST also ends one week later; this
year, it ends November 4.)
Besides having to manually change some clocks, how does this
affect your organization? It depends on what type of hardware
and software you have in your enterprise.
For example, if you run Microsoft systems on your network,
Windows Vista and Windows Server 2003 are good to go. Both OS
versions either have the changes built-in or the changes were
part of a previous service pack—one more reason to make sure
you're up to date on the latest service pack. But you'll need to
update other Windows systems. Don't wait until March 9 to make
sure. Call ComTech Computer Services, for assistance. (254)
770-1210
However, regardless of what software you're running on your
network, the possible effects of an unevenly applied time change
can have a variety of effects on your security operations.
- Authentication systems: Systems that rely on
accurate local system time (e.g., Kerberos) to grant system
access will typically fail, denying authentication
credentials to valid users.
- Time-based access control systems: Erroneously
granted access could result in a violation of security
policy. Systems could grant access during a time it should
be denied, or they could deny valid users access.
- Logging systems: Incorrect timestamps result in
an inaccurate audit trail.
Mike Mullins has served as an assistant
network administrator and a network security administrator for
the U.S. Secret Service and the Defense Information Systems
Agency. He is currently the director of operations for the
Southern Theater Network Operations and Security Center.