2.1 Ensure NTP time synchronization is configured properly

Information

Network Time Protocol (NTP) synchronization should be configured correctly and enabled on each
VMware ESXi host to ensure accurate time for system event logs. The time sources used by the ESXi hosts should
be in sync with an agreed-upon time standard such as Coordinated Universal Time (UTC). There should be at minimum
two NTP sources in place, and they should sync whenever possible.

*Rationale*

By ensuring that all systems use the same relative time source (including the relevant
localization offset), and that the relative time source can be correlated to an agreed-upon
time standard, you can make it simpler to track and correlate an intruder's actions when
reviewing the relevant log files. Incorrect time settings can make it difficult to inspect and
correlate log files to detect attacks, and can make auditing inaccurate.

Solution

Perform the following from the vSphere Web Client:

1. Select the host.
2. Click 'Manage' -> 'Settings' -> 'System' -> 'Time Configuration'.
3. Click the 'Edit...' button.
4. Click on 'Use Network Time Protocol'.
5. Provide the name and / or IP of your NTP servers. Separate servers with commas.
6. If the NTP Service Status is 'Stopped', click on 'Start'.
7. Change the startup policy to 'Start and stop with host'.
8. Click 'OK'.

To implement the recommended configuration state, run the following PowerCLI command:

# Set the NTP settings for all hosts
# If an internal NTP server is used, replace pool.ntp.org with
# the IP address of the internal NTP server
$NTPServers = 'pool.ntp.org', 'pool2.ntp.org'
Get-VMHost | Add-VmHostNtpServer $NTPServers
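The PowerCLI command above only adds the NTP servers; steps 6 and 7 (service running, startup policy 'Start and stop with host') still need to be checked. The following audit-and-remediate script is an added example, not part of the benchmark text. It assumes an existing Connect-VIServer session and that the PowerCLI policy value 'on' corresponds to 'Start and stop with host'.

```powershell
# Added example (not from the benchmark). Assumes Connect-VIServer was already run.
$MinSources = 2   # the recommendation asks for at least two NTP sources

# Audit: collect NTP servers and ntpd service state for every host
$report = foreach ($esx in Get-VMHost) {
    $servers = @(Get-VMHostNtpServer -VMHost $esx)
    $ntpd    = Get-VMHostService -VMHost $esx | Where-Object { $_.Key -eq 'ntpd' }

    [pscustomobject]@{
        Host       = $esx.Name
        NtpServers = $servers -join ', '
        Sources    = $servers.Count
        Running    = $ntpd.Running
        Policy     = $ntpd.Policy
        Compliant  = ($servers.Count -ge $MinSources) -and
                     $ntpd.Running -and ($ntpd.Policy -eq 'on')
    }
}
$report | Format-Table -AutoSize

# Remediate service state only (steps 6 and 7). Server names are site-specific,
# so hosts with too few sources are reported rather than changed.
foreach ($row in $report | Where-Object { -not $_.Compliant }) {
    $ntpd = Get-VMHost -Name $row.Host | Get-VMHostService |
            Where-Object { $_.Key -eq 'ntpd' }

    if ($ntpd.Policy -ne 'on') {
        Set-VMHostService -HostService $ntpd -Policy 'on' | Out-Null
    }
    if (-not $ntpd.Running) {
        Start-VMHostService -HostService $ntpd -Confirm:$false | Out-Null
    }
    if ($row.Sources -lt $MinSources) {
        Write-Warning "$($row.Host): only $($row.Sources) NTP source(s) configured"
    }
}
```

Re-run the audit half after remediation; every host should report Compliant as True.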

Default Value: The prescribed state is not the default state.

See Also

https://workbench.cisecurity.org/files/2168

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8, CSCv7|6.1

Plugin: VMware

Control ID: aa8dc16fff03c19fe4671809c59f9a11e655d5a17890bd478dfd141cedcc8769