Daylight savings time in Brazil starts last Sunday, 18. In addition to the adjustments not to oversleep, it is necessary to pay attention to the desynchronization of the clocks of electronic devices. An entry door to cybercrimes, the change provoked by the time adjustment may bring risks to users and organizations when tracking or identifying possible security flaws.

To ensure reliability in the increasingly used electronic transactions, experts recommend organizations to be attentive to the accuracy of timetables of systems, which are largely updated by NTP services. The NTP service, in a simple manner, informs the correct time to network equipment or devices that synchronize with it, preventing such devices, typically connected to the internet, to advance or delay, even accidentally.

According to Alan Santos, security analyst at the Brazilian National Education and Research Network (RNP), this timeline precision is a key part to ensure the functioning of the systems and to state the exact time of errors or even crimes committed through the network. According to Santos, to keep devices in the networks and on the Internet with the correct time is important for a better administration, maintenance and monitoring of equipment, and this is true for servers, routers, notebooks e desktops.

“Time is the seed to use applications that have time as reference, or even access internet banking services, which use tokens, electronic security devices that ensure extra protection to financial transactions”, he clarifies.

According to the expert, the synchronization of clocks with the daylight savings time is also important to maintain the consistency of logs, in addition to being indispensable in investigations and identifications of those responsible for more serious occurrences, such as cybernetic crimes. “From the accesses made to the system, it is possible to track users who had access to the machines from the registration of times, and it is essential to remake the chronology of events, such as it happens in forensics”, he says.

Security recommendations for daylight savings time

Daylight savings time is related to the time zone configured in the system. By changing the time zone, the parameter of the system that determines the difference in hours between the absolute time (UTC / GMT 0) and local time is altered.

In the period comprised by daylight savings time, until February 21 2016, changes in the clocks of the systems will be consequence of time zone configurations, and not arising from the NTP servers, which do not suffer any modification. “The reference does not change. The NTP servers will give the exact time, regardless of the local time”, Alan Santos clarifies. “That is, there will be an alteration to the systems where daylight savings time occurs, in the Southern, Southeastern and Midwestern regions, and not in the North nor in the Northeast”.

RNP’s Security Incidents Service Center (CAIS) recommends, to avoid attacks involving abuse of NTP servers, to update to a more recent version of the service, and that servers are configured in a way to not allow the execution of consultations through the “monlist” command, a command from an old version of NTP that sends a list of the last 600 to connect to that server, for monitoring purposes.

Administrators of systems and networks may consult if their servers are listed in denial of service attacks on the OpenNTPProject.org website. See a secure configuration guide for NTP servers at the Secure NTP Template.