How and when to set Windows logging to UTC time

As networks become more distributed and cloud-based, you should consider changing servers to UTC time to ensure proper syncing. This will help with forensics investigations.

The concept of time zones is a relatively new one. In England, railway time was introduced to organize trains and schedules and to overcome the confusion caused by having non-uniform local times in each town and station stop. It was also used to reduce accidents and scheduling problems with trains entering and leaving stations. As travel increased in scope and type, the need for standardization demanded that we have time zones. As we added technology, we just built on the concept of the need for local time.

Once upon a time we set the logging for servers in the local time of wherever they were located. This made correlation of events, especially to local computers, consistent and relatively easy. Then the internet was born, and we moved our servers to the cloud and data centers. Suddenly, setting logging to local time made no sense at all. Add help desks and distributed organizations, and the need to correlate events across those organizations, and moving logging to Coordinated Universal Time (UTC) may be wise.

What is UTC and why is it important to security?

UTC is a 24-hour time standard that helps the world’s timing centers keep their time scales synchronized. It is based on Universal Time (UT1), which uses the speed of the Earth’s rotation to measure time.

As I explained earlier, if you cannot properly sync time across your network, it can have a negative effect on security updates, authentication and forensics investigations. Moving logging to UTC helps keep your entire network in sync.
