The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems. From the perspective of incident handling and incident response, well-synchronized time across systems facilitates log analysis, forensic activities and correlation of events. Depending on operational requirements, organizations may choose to utilize public NTP servers for their time synchronization needs. For organizations that require higher time accuracy, they could opt for Global Positioning Systems (GPS) appliances and use daemons such as GPSD [1] to extract time information from these GPS appliances.
Article Link: InfoSec Handlers Diary Blog