When you need to analyse logs, it will help you when all the time settings are equal. For example, if server A has it’s time set to 12:00, while server B has it’s time set to 12:15, you probably going to miss some detailed information about what happened because you are looking at the wrong moment in time within the log files. Therefor it is not only required that all the system clocks have the exact same time set, but also the same time zone.
How
The most commenly used method for clock synchronization is the Network Time Protocol (NTP). Almost all systems support this protocol and it is accorate to the millisecond. Also make sure that you setup a correct time zone. When you are operating in different time zones, it’s standard to use the UTF timezone on all systems instead of your local time zone.
Examples
All Microsoft Windows versions support NTP since Windows 2000 and is included in the Windows Time Service (W32Time).
Linux machines can use multiple NTP solutions, but the most common is chrony.
Risks
Make sure to use multiple NTP servers (4 is recommended).
Don’t synchronize your clocks to often. Once a day should be sufficient.
Use NTP servers with low latency
Avoid time loops. Time loops are when server A synchronizes with server B which synchronizes with server A.
Example Control Ruleset
When the following controls are used, you should be compliant for this topic:
- Clocks on every system or appliance needs to be synchronized to have an accurate time and date set
- Time synchronization takes place at minimal once per day
- Time zone is set to UTF (+0:00)
- The NTP protocol is used for clock synchronization
Related links
Azure – Windows VMs
Azure – Linux VMs
AWS – Windows VMs
AWS – Linux VMs
Linux – general
Windows 10
