2.2 NTP Security Protection - c) NTP Auth-key encrypted

Information

From the perspective of security, the equipment should support the NTP clock synchronization protocol to ensure that all the equipment in the network have the same clock and that the log timestamps are correct. ROSNG supports the NTP protocol.

In addition, in order to ensure the security of the NTP protocol, it supports ACL filtering to limit NTP packets that enter the IP network device from the external network, and allows MD5 authentication on NTP sessions.

Solution

It is recommended to config NTP for clock synchronization, and also set the ipv4-access-list filtering rules and authentication key.

ZXR10#config terminal
ZXR10 (config)#ntp authenticate
ZXR10 (config)#ntp authentication-key 1 md5 clear xxxxxxx
ZXR10 (config)#ntp trusted-key 1

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8(1)

Plugin: ZTE_ROSNG

Control ID: 582326915d07e64fe3293db86426456454b8655814a6373c0b9d2a1a2d919bf9