The SEL-2740S must authenticate Network Time Protocol sources using authentication that is cryptographically based.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-94589 | SRG-APP-000395-NDM-000347 | SELS-ND-001025 | SV-104419r2_rule | 2019-05-06 | 1 |
| Description |
|---|
| If Network Time Protocol is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will make log timestamps inaccurate and affect scheduled actions. NTP authentication is used to prevent this tampering by authenticating the time source. |
| ℹ️ Check |
|---|
| Verify NTP packets only traverse on the private network by traffic engineering both the physical path and redundant path between switch and NTP server. 1. Login to the OTSDN Controller with permission Level 3 rights into parent. 2. Go to the Configuration Objects settings page. 3. Review the NTP Server IP addresses in the settings fields. If the IP addresses are not within the private network, this is a finding. |
| ✔️ Fix |
|---|
| Deploy the NTP server within the private network. Provision both the physical path and redundant path between the switch and NTP server to ensure NTP packets only traverse the private network. Use multilayer packet inspection at each hop of the switches to whitelist only the intended NTP clients and server can communicate to each other. |