CSO Simson Garfinkel notes that incorrect system time on your servers, clients, and devices (what I like to call “computer security clockwork”) can have the following effects:
- System logs are incorrect.
- Forensic investigations become more difficult.
- Scheduled jobs may occur too early, too late, or not at all.
- SSL certificate validity may be affected.
- Emails may be tagged as spam if they appear to have a future date.
- Electronic locks may open or lock inappropriately.
The article also describes how to ensure your systems have the proper time, how some of the Internet’s time servers depend on each other, and how leap seconds are added to our time on occasion.
“Ultimately,” Garfield writes, “time is a security matter. Having correct time can be the difference between having someone convicted of a crime and having them go free. Indeed, if your system clock is wrong, you might not even know that a crime has taken place.”
Read the article on CSOonline.com.
ITauditSecurity 