'A man
with one clock knows the time, a man with two
clocks is not sure'. Computer clocks are based
on inexpensive oscillator circuits or battery-backed
quartz crystals and can easily drift by seconds
per day, accumulating significant errors over
time.
Unsynchronized computer clocks in the enterprise
Information Infrastructure would have a significant
impact on network and security operations. 'Close
enough' computer clock synchronization is not
enough - especially when building defences against
information attacks by cyber-crime syndicates
and nation-state adversaries, who can take advantage
of a lack of computer clock synchronization to camouflage
large-scale information attacks so that they look
like isolated instances of 'script kiddie'
probes in different segments of the enterprise
networks.
Lack of time synchronization would affect enterprise
networks in three key areas:
Security
Access security and authentication
Most modern authentication protocols require
accurate time. For example, in Windows 2000 the
default authentication protocol (Kerberos Version
5) uses workstation time as part of the authentication
ticket generation process.
Time synchronization is so vital in Windows 2000
that the operating system includes the W32Time time
service, whose purpose is to ensure that all Windows
2000-based computers in an organization use a common time.
The Windows time service uses a hierarchical relationship.
All client desktops and member servers nominate
their inbound authenticating domain controller
as their time partner. This continues up through
the hierarchy of domains to the primary domain
controller (PDC) at the root of the forest.
This PDC is set to synchronize with a reliable
time source, such as a dedicated network time
server. If a time server is not available and
the time difference between domain controllers
drifts beyond the skew allowed by Kerberos, authentication/logon
between two domain controllers may not succeed.
Systems such as RSA Security's SecurID require
some level of time synchronization between the
client machine requesting access and the server
that grants it. If the two aren't within an allowable
time difference, access can be denied.
Log file Analysis, Audit, Monitoring and Forensics
Log files facilitate analysis of events within
the network. This includes firewall, IDS/IPS and
VPN security-related activity. Since the logs
are a compilation of information from different
hosts/devices, it is crucial that the time stamps
are accurate - if not, events cannot be ordered
into the correct chronological sequence, and the root
cause of attacks and security breaches cannot be correctly
determined.
Even centrally logged configuration events
and system error messages, such as router configuration
changes, modem events, security alerts, trace
backs, and CPU process overloads (during Denial
of Service attacks), rely on network time synchronization
for accurate time stamps for the data to have
meaning.
In incident investigation, the RMON and other
log files are typically used by security administrators
to reconstruct the scene of a network security
breach or network crime. Accurately time-stamped
network packet transits provide the forensic evidence
to make this possible.
Network Operations
Network fault diagnosis and recovery
Key network events are trapped, reported,
and logged using the RMON services that reside
in servers, routers, and switches. Should the
network crash or become unstable (for any reason,
possibly an information attack), a stream of
RMON events will be reported. Each of the events
will be indexed with the 'network time stamp'
affixed by the reporting RMON agent.
If these time stamps are synchronized, the proper
order can be established and the root cause quickly
identified. Without accurate network time synchronization
this will not be possible.
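The ordering problem described under log file analysis and under network fault diagnosis, as an added example that is not part of the original article. The log lines, device names, addresses and per-device clock errors are constructed for illustration.

```python
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample: device, timestamp from that device's own clock, message.
RAW_LOGS = """\
firewall 2024-03-01T10:00:00 DENY tcp 203.0.113.7 -> 10.0.0.5:22
ids 2024-03-01T09:59:55 ALERT ssh brute force against 10.0.0.5
vpn 2024-03-01T10:00:09 LOGIN user=svc-backup from 203.0.113.7
router 2024-03-01T10:00:08 CONFIG acl 101 modified by svc-backup
"""

# Assumed measured clock error per device in seconds (positive = clock runs fast).
OFFSETS = {"firewall": 0.0, "ids": -7.0, "vpn": 4.0, "router": -1.0}


def parse(text):
    """Split each line into (device, logged_time, message)."""
    events = []
    for line in text.splitlines():
        device, stamp, message = line.split(maxsplit=2)
        events.append((device, datetime.fromisoformat(stamp), message))
    return events


def timeline(events, offsets=None):
    """Device order by timestamp; subtract each device's clock error if known."""
    offsets = offsets or {}

    def true_time(event):
        return event[1] - timedelta(seconds=offsets.get(event[0], 0.0))

    return [e[0] for e in sorted(events, key=true_time)]


def ambiguous_pairs(events, max_error):
    """Pairs whose order cannot be trusted if every clock may be off by
    up to max_error seconds in either direction."""
    limit = timedelta(seconds=2 * max_error)
    return [(a[0], b[0]) for a, b in combinations(events, 2)
            if abs(a[1] - b[1]) <= limit]


if __name__ == "__main__":
    events = parse(RAW_LOGS)
    print("as logged :", timeline(events))
    print("corrected :", timeline(events, OFFSETS))
    print("untrusted order at +/-5 s:", ambiguous_pairs(events, 5))
```

Sorted as logged, the router change appears to precede the VPN login and the IDS alert appears to precede the firewall deny; only the corrected timeline shows the actual sequence.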
File Time Stamps
The integrity of any file system is heavily dependent
on accurate time to track the dates and times of
file creation, last access, last modification, etc.
In distributed file sharing, correct file time
stamps would be crucial.
Directory Services
Network directory services systems exchange
information and synchronize changes according
to time stamps. Therefore, network time synchronization
is an important part of network design and implementation.
For example, for accuracy and optimum efficiency
in a Windows NT network, all NT servers and client
workstations need to synchronize with a single,
accurate, and standard time source.
Scheduled Operations
Cron scripts and crontabs are commands to a
computer operating system or application server
that are to be executed at a specified time. Each
command is executed when its triggering time arrives.
In the case of networked computers, each responsible
for executing independent cron files, time synchronization
between the computers becomes critical so that
scheduled activities are properly coordinated.
Applications
Most computer applications use time stamps
as a key element. Just as the PSTN depends on precise
frequency, VoIP depends on precise time. Other
applications such as shared databases, billing
and transaction systems, data acquisition, email,
PKI, etc. rely heavily on accurate time stamps.