Rule ID
SV-284917r1212114_rule
Version
V1R1
If NTP is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will make log timestamps inaccurate and affect scheduled actions. NTP authentication is used to prevent this tampering by authenticating the time source. Satisfies: SRG-APP-000395-NDM-000347, SRG-APP-000925-NDM-000330
Review the Cisco SNA appliance configuration to determine if the network device authenticates NTP endpoints before establishing a local, remote, or network connection using authentication that is cryptographically based. Navigate to SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> Network Services >> NTP Server. Verify a key symbol appears next to each NTP Server Entry. If the Cisco SNA appliance does not authenticate Network Time Protocol sources using authentication that is cryptographically based, this is a finding.
Configure the Cisco SNA appliance to authenticate NTP sources using authentication that is cryptographically based. Navigate to SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> Network Services >> NTP Server >> Actions >> Authenticate Connection. Enter a Key ID and Key Value. Apply Authentication.