Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

5.2. Network Time Protocol (NTP)

đź’ˇ First Principle: Accurate time is essential for logging, authentication, and troubleshooting. Without synchronized time, correlating events across devices is impossible. NTP synchronizes clocks across the network to a common time source, using a hierarchy of stratum levels where lower numbers are more accurate.

Time synchronization seems boring until you need it. Imagine troubleshooting a security incident: the firewall log says the attack happened at 14:32:15, but the server log shows 14:35:47. Which is right? If devices aren't synchronized, you can't correlate events—you can't tell what happened first, or even if they happened at the same time.

Why NTP matters:
  • Log correlation: Security forensics requires synchronized timestamps across all devices
  • Authentication: Kerberos tickets expire based on time—clocks must be within 5 minutes
  • Certificates: TLS certificates have validity periods checked against system time
  • Scheduled tasks: Backup jobs, routing protocol timers, and cron jobs depend on accurate clocks

The stratum concept: NTP uses layers (strata) to measure distance from the authoritative time source. Stratum 0 is the actual atomic clock or GPS receiver. Stratum 1 devices connect directly to that clock. Each hop away adds a stratum. Your network devices might be stratum 3 or 4—accurate enough for most purposes.