6.7.2 Ensure Multiple External NTP Servers are set

Information

At least 3 External NTP Servers should be set

Rationale:

Keeping time settings consistent across a network is vital if log data is to be meaningful and usable in understanding faults and security incidents. Consistent time settings are also fundamental to the operation of some network protocols and services such as IPSec, PKI and 802.1x which may be critical to many networks.

In sensitive environments, to ensure that the time on your JUNOS devices is consistent with other devices in your network, at least three NTP Servers external to the device should be configured.

Although NTP provides for a Peer to Peer type implementation, where individual time servers are not specified and methods such as broadcast and multicast are utilized to synchronize time between hosts, in almost all real world cases a Server / Client model should be used for network devices - even if multicast or broadcast methods are used for other types of hosts. Using specified time sources allows you to better secure, monitor and manage your NTP implementation; simplifying debugging and allowing tighter control of NTP traffic.

IETF BCP 13 (Best Common Practice), suggests that 'Operators who are concerned with maintaining accurate time SHOULD use at least 4 independent, diverse sources of time. Four sources will provide sufficient backup in case one source goes down. If four sources are not available, operators MAY use fewer sources, subject to the risks outlined above.'

Options for NTP time sources may include Public NTP Servers, such as those provided by pool.ntp.org, Shared NTP Servers, such as those provided by many Internet Exchanges for use by members, or Private NTP Servers operated by your organisation for your own exclusive use and synchronised using MSF Radio, GPS or internal Crystal/Atomic Clocks.

It is Strongly Recommended that administrators of devices requiring Level 2 compliance consider the use of Private NTP Servers for some or all of the time sources within the NTP Architecture.

Using multiple NTP Servers, not only provides for a more reliable service, but also protects against 'Falsetickers' (compromised or untrustworthy time sources providing incorrect time). This is based on the rule of needing 2n+1 True clocks, where n is the number of true clocks.

So protection against 1 falseticker requires 4 upstream servers, against 2 falsetickers 5 upstream and 7 are needed to protect against 3 compromised sources. See SelectingOffsiteNTPServers at NTP.org for a more detailed discussion.

Impact:

If time is not synchronised between devices, log messages cannot readily be correlated to allow administrators to understand events on the network. In addition, many services such as IPSEC, PKI or 802.1x which rely on Encryption may not function correctly if time and date settings are not properly maintained.

Solution

Configure at least 3 External NTP Servers using the following commands under the [edit system] hierarchy;

[edit system]
user@host#set ntp server <Servers IP>

Default Value:

By default Juniper routers do not have NTP servers configured and use locally managed time.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8, CSCv6|6.1, CSCv7|6.1

Plugin: Juniper

Control ID: 29cb1c1e1ad1cad3dc93197e10e3be4d7cce46f2ea2c52fc898f48c3e05976d1