1.7.4 Configure NTP Authentication

Information

By default, NTP is a clear text, unauthenticated protocol. However, it can be configured to authenticate time sources. NTP authentication is an upstream protocol only - authenticated clients have assurance that they are receiving correct time, that the ntp packets have not been tampered with.

Rationale:

Configuring authentication ensures that if the server key does not match the key configured on the NTP client, that the client will drop any NTP replies from that server. If multiple keys are configured,

Solution

switch(config)# ntp authenticate
switch(config)# ntp authentication-key 42 md5 my-ntp-key
switch(config)# ntp trusted-key 42
switch(config)# ntp server 132.246.11.231 use-vrf management key 42

Default Value:

By default NTP is not configured.
If NTP is configured, by default it is unauthenticated.

See Also

https://workbench.cisecurity.org/benchmarks/6524

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-2(1), 800-53|AU-7, 800-53|AU-8, CSCv7|6

Plugin: Cisco

Control ID: 9fe208ec451c3d7991d433b58b0168e9421a3a76047f87ccd6f8375cfcf491f7