Computer Security Clockwork

CSO Simson Garfinkel notes that incorrect system time on your servers, clients, and devices (what I like to call “computer security clockwork”) can have the following effects:

  • System logs are incorrect.
  • Forensic investigations become more difficult.
  • Scheduled jobs may occur too early, too late, or not at all.
  • SSL certificate validity may be affected.
  • Emails may be tagged as spam if they appear to have a future date.
  • Electronic locks may open or lock inappropriately.

The article also describes how to ensure your systems have the proper time, how some of the Internet’s time servers depend on each other, and how leap seconds are added to our time on occasion.

“Ultimately,” Garfield writes, “time is a security matter. Having correct time can be the difference between having someone convicted of a crime and having them go free. Indeed, if your system clock is wrong, you might not even know that a crime has taken place.”

Read the article on CSOonline.com.

Leave a comment

Filed under Security

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s