NetClock 9300/9200 Series
Spectracom products running LINUX are only susceptible if an attacker is able to successfully authenticate with the product and gain shell access.
Microsoft Windows PCs (such as Windows XP, 2000, 2003, 2008, 7, etc) can be configured to sync to a Spectracom NTP time server. Many newer versions of Windows use the built-in "Windows Time Service (aka W32Time) for external time synchronization. Spectracom's "Synchronizing Windows Computers" Tech Note assists with configuring Windows computers..
Thirteen low and medium severity vulnerabilities were identified in NTP versions 4.2.8p3 and earlier. This affects SecureSync and NetClock 9400 products running SW versions 5.3.0 and earlier, and all NetClock 9200/9300 product versions.
Manufacturers part numbers for the 9300 Series Netclock rear panel terminal block connectors
Spectracom GPS time servers automatically manage the leap second correction. They follow GPS, NTP, and PTP specifications so no user interaction is required. We recommend evaluation and testing your NTP clients' ability to correctly manage a leap second event.
On December 18, 2014, several NTP vulnerabilities were published as CVE-2014-9293 thru 9296. The vulnerabilities are based on queries from an unknown entity. By default external queries are turned off in SecureSync and NetClock products and are appropriate mitigation against these vulnerabilities.
Bash is used in Spectracom's NetClock 9200, 9300, 9400 and SecureSync network applicance although the risk is minimal. This article describes the patch schedule, analysis of risk, and recommendations for those who are concerned about the vulnerability.
How to mitigate the POODLE vulnerability by disabling SSLv3, before Spectracom software fixes for SecureSync and 9400 models will eliminate the issue.
The vulnerability in Open SSL, known as the Heartbleed bug, makes some Spectracom products susceptible. A software patch fixes the bug. Alternatively network access controls, shutting down the management port, and changing user passwords are mitigating actions.
If the NetClock Model 9300/9200 series time server's admin password is no longer known, it will need to be reset back to the factory default password to restore access. Software versions 3.6.0 and higher allow the admin password to be able to be reset via an RS-232 connection. Earlier versions of software (Versions 3.5.0 and below) require a Compact Flash card inside the time server be changed, to reset the password back to the default value.
Potential Vulnerability CVE-2013-5211 is associated with “Monlist”, an available feature of NTP’s NTPDC functionality. The Spectracom Model 9300 and 9200 series NTP time servers allow NTPQ/NTDC (and therefore, also Monlist) to be disabled (these are both disabled by factory default) to mitigate this potential vulnerability. Note that NTPQ and NTPDC being disabled does not affect the operation of NTP synchronizing clients on the network.
Windows w32tm has a utility called "stripchart" which can provide periodic (such as every two seconds by default) time differences between a Windows PC and an NTP server on the network. This can either be the same NTP server that it normally syncs with, or any other NTP server on the network.
Most newer Models of NTP time servers can be NTP peered together for continued NTP operation upon loss of GPS reception. NTP clients can often be configured to get time from more than one NTP server for automatic fail-over capability (this is dependent upon the NTP client software running on the clients).
The NTP time server Models 9283, and 9289 use an external power pack for its input power A 12vdc power pack is used. unless an Optional Rubidium oscillator is installed . This Option required a 24vdc power pack, instead.
The NTP time server Models 9383 and 9389 use an external power pack for its input power. A 12vdc power pack is used, unless an Optional Rubidium oscillator is installed. This Option requires a 24vdc power pack, instead. Replacement power packs are available from us.
The Ethernet time server Model 9388 use an external 12vdc power pack for its input power. Replacement power packs are available from us.
The NTP time server Model 9288 uses an external 12vdc power pack for its input power.
Automachron (freeware) is a great utility for testing the NTP output of a Spectracom NTP time server.