NTP Security
NTP is used to synchronize the time settings of network devices and computer systems. Without NTP, the clocks on computers would slowly drift apart. Eventually the clocks would differ considerably, even within one network of devices. For systems that require events to occur at certain intervals, this is an issue. When troubleshooting network issues, differing times on devices make it hard to determine approximately when an outage occurred. One device may appear to have received a reply much more slowly than expected because of time differences between the computers.
Why is NTP security important?
You only want to use time settings from trusted sources
An attacker may broadcast wrong time stamps
An attacker may be disguised as another time server
To ensure the device receives the correct settings, we must ensure it is contacting the correct NTP server. For this, we can use authentication. NTP authentication uses a key, which is a password you create, so make it strong. This key must be known to and trusted by both the server and the clients. Authentication does not involve any kind of encryption. The key attached to the device's data acts as a digital signature that the other device, having the same key, can match to confirm it is reaching the correct server.
Command | Utility |
---|---|
ntp master 10 | |
show clock detail | to verify the source is NTP and the time is correct |
ntp server x.x.x.x | specify the IP address of the NTP server |
Security Configuration
Command | Utility |
---|---|
ntp authenticate | |
ntp authentication-key x md5 xxxx | |
ntp server x.x.x.x key x | |
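
How the shared key authenticates a packet without encrypting it, as an added Python example (not code from the original page or from any vendor). It assumes the classic NTP symmetric-key MD5 scheme, where a key number and MD5(key + header) are appended to the 48-byte header; the key, key number and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct

HEADER_LEN, DIGEST_LEN = 48, 16  # NTP header size, MD5 digest size

def build_header(transmit_ts: int) -> bytes:
    """Constructed server reply header: LI=0, VN=4, mode=4, stratum 10."""
    first = struct.pack("!BBbb", (4 << 3) | 4, 10, 6, -20)
    # Root delay/dispersion, reference ID and the other timestamps are zeroed.
    return first + bytes(36) + struct.pack("!Q", transmit_ts)

def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the key ID and MD5(key + header); the header stays in cleartext."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet: bytes, trusted_keys: dict) -> bool:
    """Accept only packets whose digest matches a key the receiver holds."""
    if len(packet) != HEADER_LEN + 4 + DIGEST_LEN:
        return False  # no authenticator at all, or malformed
    header = packet[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False  # key number unknown to this client
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, packet[HEADER_LEN + 4:])

def tamper_transmit(packet: bytes, new_ts: int) -> bytes:
    """Overwrite the transmit timestamp (bytes 40-47), keeping the old digest."""
    return packet[:40] + struct.pack("!Q", new_ts) + packet[HEADER_LEN:]

# Constructed sample values, not taken from any real device.
KEY_ID, KEY = 1, b"constructed-sample-key"
TRUSTED = {KEY_ID: KEY}
HEADER = build_header(0xE9A1B2C300000000)
GOOD = sign(HEADER, KEY_ID, KEY)

if __name__ == "__main__":
    print("genuine server:   ", verify(GOOD, TRUSTED))
    print("altered timestamp:", verify(tamper_transmit(GOOD, 0xE9A1C00000000000), TRUSTED))
    print("wrong key:        ", verify(sign(HEADER, KEY_ID, b"guess"), TRUSTED))
    print("no authenticator: ", verify(HEADER, TRUSTED))
    print("header readable:  ", GOOD[:HEADER_LEN] == HEADER)
```

Only the first check passes verification; the last line shows that the time data itself travels unencrypted, matching the point that authentication is not encryption.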
NTP Commands
Command | Utility |
---|---|
show ntp status | to view the device's current NTP status, stratum, reference, etc. |
show ntp associations | to view whether the device has an NTP master, or, as master: master IP, whether they are synced, metrics |