2.2 NTP Security Protection - b) NTP access-group

Information

From the perspective of security, the equipment should support the NTP clock synchronization protocol to ensure that all the equipment in the network have the same clock and that the log timestamps are correct. ROSNG supports the NTP protocol.

In addition, in order to ensure the security of the NTP protocol, it supports ACL filtering to limit NTP packets that enter the IP network device from the external network, and allows MD5 authentication on NTP sessions.

Solution

It is recommended to config NTP for clock synchronization, and also set the ipv4-access-list filtering rules.

ZXR10#config terminal
ZXR10 (config)#ntp access-group ipv4-access-list xxx

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11)

Plugin: ZTE_ROSNG

Control ID: 2f82deff603bac43ed018d14cb5edbecef692d2b9e678ae190f34e80ebb3273a