2.3.1.4 Set 'key' for each 'ntp server'

Information

Specifies the authentication key for NTP.

Rationale:

This authentication feature provides protection against accidentally synchronizing the ntp system to another system that is not trusted, because the other system must know the correct authentication key.

Impact:

Organizations should establish three Network Time Protocol (NTP) hosts to set consistent time across the enterprise. Enabling the 'ntp server key' command enforces encrypted authentication between NTP hosts.

Solution

Configure each NTP Server to use a key ring using the following command.

hostname(config)#ntp server {<em>ntp-server_ip_address</em>}{key <em>ntp_key_id</em>}

Default Value:

No NTP key is set by default

See Also

https://workbench.cisecurity.org/files/3829

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-7, 800-53|AU-8, CSCv7|6.1

Plugin: Cisco

Control ID: 85e09aa75ff514e10902382f6c40064dfe9ffbcbd53975d71b897cfb9bd5466d