
Network services - NTP


NTP (Network Time Protocol) is rather simple in its mission: it keeps computers' clocks in synchronization. So what? Try comparing log files from 3 separate servers if their clocks are out of sync by a few minutes. NTP works by having a client connect to a time server, work out the delay between them (on a local LAN it might be only 1-2ms, across the internet it might be several hundred ms), then ask for the time and set its own clock. Additionally, servers can be 'clustered' to keep themselves synchronized; the chance of 3 or more servers losing track of what time it is (also called 'drift') is relatively low.

The time signal is typically generated by an atomic clock or GPS signal and measured by a computer; these are 'stratum 1' time servers. Below them are stratum 2 time servers, which are typically publicly accessible; a company might maintain its own stratum 3 time servers if it has sufficient need, and so on.

The data NTP exchanges is of course not terribly sensitive, it's a time signal; however, if an attacker were able to tamper with it, all sorts of nastiness could result: log files might be rendered unusable, accounts might be expired early, cron jobs that back up your server might run in prime time causing delays, etc. Thus it is a good idea to run your own time server(s), and to set the maximum adjustment they will make to only a few seconds (they shouldn't drift very much in any case). If you are really paranoid, or have a great number of clients, you should consider buying a GPS time unit.
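The delay/offset arithmetic a client performs (described above) and the "only adjust by a few seconds" policy, as an added example that is not from the original article or from the ntpd distribution. It builds a constructed mode-4 server reply, parses it, and applies the sanity checks a client should make before trusting the result; the MAX_STEP value and the GPS reference id are assumptions.

```python
import struct

# Wire layout of a 48-byte NTPv4 packet (RFC 5905): flags, stratum, poll,
# precision, root delay, root dispersion, reference id, then four 64-bit
# timestamps (reference, originate, receive, transmit).
NTP_FMT = "!BBBbIIIQQQQ"
MAX_STEP = 3.0  # assumed policy: never let the client step more than a few seconds


def ntp_ts(seconds):
    """Encode seconds since the NTP epoch (1900-01-01) as a 64-bit timestamp."""
    sec = int(seconds)
    return (sec << 32) | int(round((seconds - sec) * (1 << 32)))


def build_server_reply(stratum, t1, t2, t3, leap=0):
    """Construct a mode-4 (server) reply: t1 is the client's originate time
    echoed back, t2/t3 are the server's receive/transmit times, in seconds."""
    flags = (leap << 6) | (4 << 3) | 4          # LI, VN=4, mode=4 (server)
    refid = struct.unpack("!I", b"GPS\x00")[0]  # constructed reference id
    return struct.pack(NTP_FMT, flags, stratum, 6, -20, 0, 0, refid,
                       ntp_ts(t3), ntp_ts(t1), ntp_ts(t2), ntp_ts(t3))


def evaluate_reply(packet, t1, t4, max_step=MAX_STEP):
    """Client-side checks plus the delay/offset arithmetic.
    t1 = when we sent the request, t4 = when the reply arrived (our clock)."""
    f = struct.unpack(NTP_FMT, packet)
    leap, mode, stratum = f[0] >> 6, f[0] & 7, f[1]
    org, rec, xmt = f[8], f[9], f[10]
    t1_ts, t4_ts = ntp_ts(t1), ntp_ts(t4)
    # Round-trip delay and clock offset on the raw 64-bit values (no float
    # loss on ~4e9-second timestamps), then scaled to seconds.
    delay = ((t4_ts - t1_ts) - (xmt - rec)) / (1 << 32)
    offset = ((rec - t1_ts) + (xmt - t4_ts)) / 2 / (1 << 32)
    result = {"stratum": stratum, "delay": delay, "offset": offset, "ok": False}
    if mode != 4:
        result["reason"] = "not a server reply"
    elif org != t1_ts:  # reply does not echo our request: spoofed or stale
        result["reason"] = "originate timestamp does not match our request"
    elif leap == 3 or stratum == 0 or stratum > 15:
        result["reason"] = "server unsynchronised or invalid stratum"
    elif abs(offset) > max_step:  # refuse the large step the text warns about
        result["reason"] = "offset %.3fs exceeds max step of %.1fs" % (offset, max_step)
    else:
        result["ok"], result["reason"] = True, "accepted"
    return result
```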

They come in all shapes and sizes, from a 1U rack-mount unit that plugs directly into your LAN to ISA and PCI cards that plug into a server and have an antenna. It is a good idea to firewall off your time server, as a denial of service attack on it would be detrimental to your network. In addition, if possible you should use the encryption available in ntpd; based on DES, it is generally sufficient to thwart most attackers. NTP is available from: http://www.eecis.udel.edu/~ntp/. There usually are no man pages with ntpd or xntpd (wonderful, huh?), but documentation can be found in /usr/doc/ntp-xxxx/, or at: http://www.eecis.udel.edu/~ntp/ntp_spool/html/index.htm. NTP runs on port 123 using UDP and TCP, so firewalling it is relatively simple:

# ipfwadm: replace your.local.net/mask with your own network address and netmask
ipfwadm -I -a accept -P udp -S your.local.net/mask -D 0.0.0.0/0 123
ipfwadm -I -a accept -P udp -S some.trusted.host -D 0.0.0.0/0 123
ipfwadm -I -a deny -P udp -S 0.0.0.0/0 -D 0.0.0.0/0 123
ipfwadm -I -a accept -P tcp -S your.local.net/mask -D 0.0.0.0/0 123
ipfwadm -I -a accept -P tcp -S some.trusted.host -D 0.0.0.0/0 123
ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 123

# ipchains: same policy, replace your.local.net/mask as above
ipchains -A input -p udp -j ACCEPT -s your.local.net/mask -d 0.0.0.0/0 123
ipchains -A input -p udp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 123
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 123
ipchains -A input -p tcp -j ACCEPT -s your.local.net/mask -d 0.0.0.0/0 123
ipchains -A input -p tcp -j ACCEPT -s some.trusted.host -d 0.0.0.0/0 123
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 123


Security Portal

Written by Kurt Seifried