1.9.1.3 Ensure 'trusted NTP server' exists

Information

Sets a NTP server for which authentication is enabled in order to receive time information

Rationale:

When authentication is not enabled, attackers can disguise as NTP servers and broadcast wrong time and it will be difficult to correlate events upon an incident. In some other cases, attackers can perform NTP DDoS attacks such as NTP Amplification. The trusted NTP server will be authenticated through the NTP authentication key.

Solution

* Step 1: Acquire the authentication key ID <key_id>, the IP address of the NTP server <ip_address> and the interface <interface_name> used by the appliance to communicate with the NTP server.
* Step 2: Run the following to configure the trusted NTP server

HOSTNAME(CONFIG)# NTP SERVER _<ip_address>_ KEY _<key_id>_ SOURCE _<interface_name> _

See Also

https://workbench.cisecurity.org/files/1903

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv6|6.1, CSCv7|11.1

Plugin: Cisco

Control ID: 6d8c8518f83878c0b0dcfcd5fbda7fb6bbfa2d58b1861ca930192c77f3b81450