Orolia Signs an Agreement to Acquire Seven Solutions and Advances Its Positioning, Navigation and Timing Products and Technology


Merger to Deliver High-End Performance and Ultra-Accurate Timing and Frequency Products for Commercial, Critical Infrastructure and Military Markets Worldwide

Orolia, the world leader in Resilient Positioning, Navigation and Timing solutions, announced today that it has entered into a definitive agreement to acquire Seven Solutions, a global innovator in White Rabbit sub-nanosecond time transfer and synchronization technology. This transaction is subject to customary closing conditions and approvals required by the Spanish government and is expected to close before the end of the year.

“Orolia and Seven Solutions under one umbrella will combine our world-leading technologies to draw a new frontier in network timing to sub-nanosecond levels, delivering the most robust and accurate Resilient PNT solutions for our customers,” said Orolia CEO Jean-Yves Courtois.

“We believe the union of our companies will produce the future of time transfer and frequency distribution solutions in terms of accuracy, reliability and interoperability,” said Rafael Rodriguez, Chief Technology Officer and co-founder of Seven Solutions.

Orolia and Seven Solutions are members of the Open PNT Industry Alliance. The international organization focuses on market concepts that strengthen economic and national security by supporting government efforts to implement Resilient PNT capabilities for critical infrastructure. 

Mitigating an NTP Distributed Denial of Service (DDoS) Attack


Who Should Read This White Paper?

  • Network and System Engineers
  • Network and System Architects
  • Network and System Administrators
  • Directors/Managers of IT Infrastructure
  • CTOs

By Pritam Kandel

Introduction

Network time service is not something many businesses think about as a key component of their critical infrastructures. In fact, it is often overlooked entirely, and in error. As a result, the network architect or engineer often defaults to an easy alternative: using a server or network switch as the source of the network clock and synchronizing these sources to Internet time servers using Network Time Protocol (NTP).

However, is the “NTP over Internet” really a secure method to solve network timekeeping requirements? Is it okay for some industries, and not others? Let’s explore the subject.

NTP Over Internet: How Safe is It?

NTP, one of the oldest internet protocols in use, is the standard for synchronizing clocks between computers over a packet-switched network – such as the Internet.

According to the Akamai global State of the Internet security report (Summer 2018), NTP over Internet is the second most commonly attacked protocol in DDoS attacks. And, in just a year, DDoS attacks have increased by 16%.

Figure 1: A typical deployment of enterprise timekeeping using NTP over Internet.

Figure 1 shows how a typical NTP over Internet setup works. It consists of a public pool of NTP servers (NTP Stratum 1) that is used as a reference by internal time servers to receive time. This approach requires a communication path between the Internet and internal time servers through the firewall, which opens access to the network and creates a vulnerability that hackers can use to infiltrate your entire system. For networks using this method, not only can the timing infrastructure become ripe for cyberattacks, the quality of time is also compromised, in terms of both precision and accuracy.

A Better Solution: Your Own Stratum 1 NTP Server

If you are using the Internet as the source of your time, it is unfortunately a myth to believe that your firewall — even the next-gen firewall that comes with IDS (Intrusion Detection System) or IPS (Intrusion Prevention System) functionality – will protect you from DDoS attacks.

So how can you mitigate DDoS for time service?

The expression, “a chain is only as strong as its weakest link,” couldn’t be truer in the case of DDoS attacks. At Orolia, we recommend a very effective and simple solution to our customers: Eliminate the weakest link in the chain. In other words, don’t rely on the Internet for your network time.

Figure 2: A typical resilient timing infrastructure for enterprise with Orolia time servers.

Figure 2 shows how an enterprise can eliminate the “weakest link” – by building its own resilient and redundant network timekeeping infrastructure internally, using Orolia time servers, such as the SecureSync.

Each Orolia time server receives time signals through a GNSS (Global Navigation Satellite System) or GPS (Global Positioning System) antenna and regulates its internal high-quality oscillator clock with that information. The time, accurate to within nanoseconds, is then distributed to the network. If NTP is used as the preferred protocol, then the server will operate at NTP Stratum level 1, and distribute safe, reliable time to the remainder of your network without the use of an internet connection.
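One way to confirm from the client side that a time source really is an internal Stratum 1 server, and not a relay of Internet time, is to decode the header of its NTP reply. The script below is an added example, not Orolia's code: it parses the RFC 5905 header fields and applies an assumed site policy (the allowed reference IDs, the dispersion ceiling and the sample packets are all constructed for illustration).

```python
import struct

# Assumed site policy (not from the page): acceptable stratum-1 reference
# identifiers and a root-dispersion ceiling for a locked GNSS source.
ALLOWED_REFIDS = {"GPS", "GAL", "PPS"}
MAX_ROOT_DISPERSION_S = 0.001

def parse_ntp_header(pkt: bytes) -> dict:
    """Decode the first 16 bytes of an NTP packet (RFC 5905 header layout)."""
    if len(pkt) < 48:
        raise ValueError(f"NTP header is 48 bytes, got {len(pkt)}")
    flags, stratum, _poll, _prec, delay, disp, refid = struct.unpack("!BBbbII4s", pkt[:16])
    if stratum <= 1:   # ASCII code: clock type (stratum 1) or kiss code (stratum 0)
        ref = refid.rstrip(b"\0").decode("ascii", "replace")
    else:              # stratum 2+: IPv4 address of the upstream server
        ref = ".".join(str(b) for b in refid)
    return {"leap": flags >> 6, "version": (flags >> 3) & 7, "mode": flags & 7,
            "stratum": stratum, "root_delay": delay / 65536,
            "root_dispersion": disp / 65536, "refid": ref}

def audit_time_source(pkt: bytes) -> list:
    """Return policy findings for one server reply; an empty list means it passes."""
    h = parse_ntp_header(pkt)
    findings = []
    if h["mode"] != 4:                      # mode 4 = server reply
        findings.append("not-a-server-reply")
    if h["leap"] == 3:                      # leap indicator 3 = clock unsynchronized
        findings.append("unsynchronized")
    if h["stratum"] == 0:
        findings.append(f"kiss-of-death={h['refid']}")
    elif h["stratum"] != 1:
        findings.append(f"stratum-{h['stratum']} upstream={h['refid']}")
    elif h["refid"] not in ALLOWED_REFIDS:
        findings.append(f"unexpected-reference={h['refid']}")
    if h["root_dispersion"] > MAX_ROOT_DISPERSION_S:
        findings.append("root-dispersion-high")
    return findings

def _reply(flags, stratum, delay, disp, refid):
    """Build a constructed 48-byte reply; the four timestamps are zeroed."""
    return struct.pack("!BBbbII4s", flags, stratum, 6, -20, delay, disp, refid) + bytes(32)

# Constructed sample replies (not captured traffic).
GNSS_LOCKED = _reply(0x24, 1, 0, 16, b"GPS\0")                      # internal stratum 1
VIA_INTERNET = _reply(0x24, 2, 2560, 512, bytes([192, 0, 2, 10]))   # relays an upstream
RATE_LIMITED = _reply(0xE4, 0, 0, 0, b"RATE")                       # kiss-o'-death reply

if __name__ == "__main__":
    for name, pkt in [("gnss", GNSS_LOCKED), ("internet", VIA_INTERNET), ("kod", RATE_LIMITED)]:
        print(name, audit_time_source(pkt) or "ok")
```

A stratum 2 or higher answer from a host that is supposed to be the GNSS-disciplined reference means it is relaying someone else's time, which is the dependency the section recommends removing.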

Other Advantages of Internal Timekeeping

In addition to mitigating danger from DDoS attacks, time servers such as those from Orolia offer several other advantages, including:

  1. Resiliency – Each Orolia time server unit can use multi-GNSS for its time reference. However, if a GNSS/GPS signal is not available, Orolia time servers also contain an internal holdover oscillator capable of maintaining accurate time for days, or even months, using atomic clock technology in the absence of a valid GNSS signal.
  2. RF Signal Security – Anti-jamming, anti-spoofing and signal security are engrained in Orolia time servers. Customers in need of even higher levels of security also include our Broadshield™ and anti-jamming antenna solutions.
  3. High Integrity UTC Traceable Time – Sophisticated threats can spoof GNSS. Though these threats are detectable by Broadshield, how is traceability to UTC maintained? STL comes to the rescue. As an alternate encrypted antenna signal, STL supplies powerful authentication to confirm that you have true UTC traceability.
  4. Ease of Installation – Does your environment make it difficult to achieve roof access to capture a GNSS signal? Again, STL to the rescue. Much stronger than GPS or any GNSS signal, STL can be received indoors. At a recent demonstration, STL provided solid reception inside the NYSE building, located in one of the most severe urban canyons in the world, where a view of the sky for GNSS reception is very limited.
  5. Multiple Options – In addition to full NTP compatibility, Orolia time servers support multiple protocols and options to distribute time, like Precision Time Protocol (PTP), Pulse Per Second (PPS) and other time signals as suited to customer requirements. Plus, industry-leading support is standard.

Conclusion

In today’s threat-laden environment, it is only too easy to jam or spoof the network, causing anything from minor disruption to extreme havoc within a critical infrastructure. Reliance upon NTP over Internet has inherent risks, which can easily be mitigated by using your own Stratum 1 NTP server, which will provide high-integrity UTC traceable time. Adding anti-jam and anti-spoof software and antennas will give you an even higher level of resiliency and security. The real question to ask yourself is: Can your company afford the risk of a DDoS attack? If the answer is no, then an upgrade to a Stratum 1 NTP server should be de rigueur.

Prevent Cybersecurity Blind Spots by Improving Network Visibility

By Geoff Perkins

Cybersecurity and network visibility go hand in hand. Without a holistic, complete view of every packet that travels in and out of your company, even the best, most advanced security tools will fail to provide adequate protection.

Unfortunately, network blind spots are all too common. As networks grow in both size and complexity, maintaining 100% visibility is a challenge. Evolving technology solutions, ever-increasing volumes of data, and the continuous expansion of the network edge mean IT managers often feel like they are facing a near-impossible task: securing what they can’t see – perhaps even when they’re unaware.

It’s well documented that blind spots can lead to performance issues but, more significantly, they can also be the gateway for a malicious attack.

Cybercriminals are also becoming more sophisticated. The rise of business email compromise attacks and the recent Colonial Pipeline ransomware incident highlights the effort and strategy today’s threat actors are putting behind their attacks. For organizations, this means that even a small visibility gap could allow attackers to find a foothold within your network.

What are network blind spots?

A blind spot is any hidden segment or device in your network, which your monitoring tool(s) cannot detect. Because you can’t see or monitor these areas, it’s impossible to know what’s happening in them or analyze the data between certain network segments.

Often, blind spots go undetected but, in some cases as the network expands, they become apparent, particularly when data packets containing sensitive information suddenly vanish, only to appear in another system on your network hours later.

Where are network blind spots and what causes them?

Blind spots can appear anywhere on your network. Most commonly, though, they’re found at the network edge. There’s no single cause for blind spots, but below are the most common reasons they occur:

New installations: Any new network equipment or applications that are installed could lead to blind spots if they are not properly architected to monitoring tools. Moreover, adding new equipment or remote locations to your network can increase complexity, making it more difficult to maintain visibility into what’s happening in different network segments.

Packet loss: SPAN, or port mirroring, is a network switch software function. It works by ‘mirroring’ network traffic from your switch to your network tool for monitoring. However, these solutions aren’t accurate and reliable enough for today’s complex networks. Often, when they are oversubscribed, SPAN ports will drop packets, creating blind spots. SPAN ports may also discard packets that are errored or malformed; this dropped data is known as packet loss.

Virtualization: While virtualization can be great for efficiency, the introduction of container-orchestration systems like Kubernetes has created real-time visibility challenges.

IoT and the Cloud: Network monitoring used to be a much simpler task. It was focused on the perimeter: monitoring traffic that traveled into your network, to your data center, and out again. Now, with the proliferation of cloud computing, smart devices, and remote working, most traffic travels East-West. This means that it bypasses the enterprise core and the traditional security and network tools that sit around it.

Shadow IT: Employees feel more empowered than ever before to use third-party applications to stay productive. However, productivity and efficiency often trump security. Your employees may be sharing data with unknown applications or unmanaged devices, leading to visibility issues.

Network silos: Silos are seen when separate IT teams, whether it’s Operations (Ops, ITOps or I&O), Cybersecurity (IT Security, SecOps, DevSecOps), DevOps, Virtual teams or Tiger teams, etc., aren’t sharing data and traffic streams – this creates network silos and ultimately blind spots.

Encrypted Traffic: Many network monitoring tools don’t have the capabilities to inspect encrypted traffic. This results in serious visibility gaps and poor management of network traffic.

What challenges do blind spots pose to cybersecurity and performance?

Each blind spot on your network can be used as the basis for a cyber-attack. If a threat actor manages to get a foothold in your network, the fallout could be huge. IBM found that the average cost of a data breach in 2020 was a startling $4.24 million. But it’s not just the financial impact that matters. There’s also the potential loss of customers and damage to brand reputation that is at stake when a company suffers a breach.

Not only that, but blind spots make performance monitoring much harder. Without holistic visibility, you may miss a critical issue that causes an outage on your network. This can severely hurt the bottom line. As Gartner found, the average cost of IT downtime is $5,600 per minute. Additionally, devices located in blind spot areas are also hidden from view. This means that, if they have a configuration issue or an error occurs, they could have a knock-on effect on network performance, possibly creating congestion.

Finally, for IT teams, network blind spots simply make their jobs more difficult. Without complete network documentation and a full picture of the network, your engineers and architects will struggle to solve problems. Moreover, security team members will constantly be on the back foot, forced into reactive incident response rather than proactive defense.

Why preventing blind spots improves security and performance

It’s impossible to guarantee security and efficiency without visibility architecture. If you are able to shine a light on network blind spots, you are automatically reducing the likelihood of a cyber-attack, while making your IT team’s jobs much easier and more productive.

Strong visibility enables proactivity; it allows the IT team to find and troubleshoot issues faster, based on holistic insights and patterns they can see from network monitoring. This, in turn, reduces the likelihood of downtime and network congestion, which both tend to drive up costs.

Furthermore, end users – be it employees or customers – will benefit from strong visibility architecture. Both employees and customers seek a consumer-like experience from the applications they interact with. They expect them to be fast, responsive, and always-on. Ensuring continuous, reliable uptime is a must to maintain a competitive edge.

Of course, visibility doesn’t necessarily equate to instant uptime – but it does enable you to find and remediate vulnerabilities before they cause trouble.

What is network visibility?

Network visibility is the antithesis of network blind spots. It’s the ability to have a complete, holistic, real-time, and trusted view of your network. Due to the growing complexity and uniqueness of enterprise network architecture, there is no blanket approach to creating network visibility. Achieving complete coverage requires proactivity and a combination of tools.

A good strategy should start with network performance monitors (NPM). These can be used to discover parts of your network that are underperforming, indicating a potential blind spot.

NPMs can be used in conjunction with SPANs but, as we explored above, these solutions are not 100% reliable for continuous monitoring, which is why network TAPs are the industry standard as a more secure, efficient solution.

Network TAPs are purpose-built hardware devices, which allow you to analyze network traffic by copying packets, without impacting network integrity. These devices are typically placed between network devices, such as switches, routers, or firewalls, and copy both sides of the traffic flow. The more TAPs you deploy, the more likely you are to reduce blind spots within your network.

Creating a foundation visibility fabric of network TAPs and packet brokers ensures performance and security tools have a complete view of the network by providing the right packet visibility 24/7/365 – improving network visibility and preventing cybersecurity blind spots.


Two problems need to be solved in any time-related application:

  1. Which clock is used as the reference for all other clocks
  2. How to transfer the time from the reference clock to all other clocks

The solution is to use a master clock as your reference. Master clock systems are used in a wide variety of applications and industries including aerospace and defence, broadcast, radio and telecom, network systems, financial services, emergency operations, call centers, and healthcare — essentially anywhere reliability of data and signals is paramount.

What is a master clock?  

A master clock takes one or more precise timing reference signals as inputs, and then converts and distributes those timing references to other devices. The method by which the accuracy of the master clock is transferred to other secondary clocks is known as synchronization. Typically, GPS satellite signals are utilized for synchronization to ensure accurate time, but other references may be used such as local atomic clocks or other time standards.

A core feature of all master clock systems is that they accept precise timing reference signals as input. It is a rare case for a master clock to be free-running and not continuously synchronized, or at least compared against an external reference. Orolia’s SecureSync modular time and frequency synchronization system can accept over 14 different signal types to discipline its local clock. This system can then generate a similar number of signal types to synchronize other devices. In case of loss of the external reference (or any redundant references), the local clock maintains timing accuracy using a local clock oscillator until the reference(s) can be restored. Several different clock oscillators are offered depending on the accuracy required during the “hold over” period.

Network master clocks can distribute their timing references over local or wide area networks. Master clocks with wireless transmitters enable synchronization of devices like display clocks without having to run wires between them for the synchronization signal. There are also highly accurate master clock solutions that utilize copper or fibre connections for precise analog and digital signal distribution, such as IRIG timecode signals.

Orolia offers a variety of master clock systems to meet the requirements for your application of accurate time.