All modern OS now keep accurate time by regularly synchronizing time over an untrusted network - Internet. Could an attacker conducting a MITM attack, influence or change the time of a computer while it is synchronizing time?
If the answer is yes to the previous question, how can such a thing be prevented while still using public NTP servers?
Full-fledged NTP implementations only allow a limited skew. For example, the de facto standard (formerly ISC) implementation on Linux will not deviate from the local clock by more than 1/2000 by default (a bit less than one minute per day). Hence an attacker cannot cause a huge clock deviation with such an implementation. In a typical site-wide or server setting, an attacker who can cause your clock to drift can also do far more worrisome things including significant DoS.
If you need more precision, get a clock that doesn't rely on the Internet. You can get time signals from many radio transmitters, from GPS, etc. Receivers start around $10 or so. An atomic clock makes you more independent, but it's, ahem, significantly more expensive.
NTP implementations on embedded devices (including many network appliances) are often dumber. Many of them will reset the date once a day or so without performing any consistency check (especially those without an internal clock, that must obtain a date at boot time anyway). So if at all possible be sure to configure all such devices to get the time from a reliable server in your internal network, not over the Internet.
If you do need extra security, NTP supports integrity and authenticity checks on time signals. These are enough to protect against an attacker who only injects fake NTP response packets. If the attacker can delay legitimate packets in transit, authenticating the packets is not enough. Your only option in that case is to reject responses if they take too long (the threshold depends on how much drift is permissible).
Here's a short article on how to secure NTP and outlines why it can be a potential security issue.
NTP provides an accurate hardware time reference for time critical processes and network infrastructure. Therefore, it can pose a security risk, particularly if malicious users attempt to modify or replicate timestamps in order to generate a false time on a networked computer or device.
If you feel you cannot trust NTP, consider using a combination of other sources, e.g. GPS, and flagging any significant skew to your operators/SOC. Whilst I have seen a talk by a tech from Cambridge about skewing GPS - it would be a highly sophisticated attack to MITM both GPS and NTP at the same moment and also to effect the same reported time.
There are a number of GPS appliance NTP servers that you can get although in the past I've just connected a GPS device to a linux server running NTP.
Some geographies have MSF radio broadcast signals, e.g. Anthorne in the UK, that could also be used if you have the right receiving equipment.
Does this answer your question? It goes in to fairly broad detail about what is possible, but in short, yes, it can be spoofed since the early days of the interweb didn't have much thought to security and NTP is a pretty old protocol. (It's only one year younger than me!!!)
It does beg the question why someone would bother though. Most major attacks are for profit these days and I don't see much of a point in faking the time. If it is for some type of access control purpose where you want to be able to get secure time, the best bet is to simply wrap the NTP connection in a VPN and that could guarantee the server and channel integrity.
