NTP authentication for CallManager

Unanswered Question
Sep 20th, 2007

Hi All,

Any body has experience of NTP authentication for CM 4.1(3)? there is ntpkeygen file in the NTP folder, but can not find document for how to use it. Can any body give some idea?

Thanks!

Best Regards,

Teru Lei

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gogasca Thu, 09/20/2007 - 18:23

Hi Teru,

The CallManager platform OS does not support the use of authenticated NTP. This function is required to better secure the network infrastructure. Without the use of NTP authentication, ACLs on the routers are necessary to ensure proper communication. NTP becomes more of an issue now that CallManagers are using certificates because the modification of the network time can invalidate certificates. For example:

1. Attacker changes year to 2006

2. Certificates are issued with a start year of 2006

3. Attacker changes year back to 2005

In other words, issuing certificates with a start year of "2006" and then means that those devices will not be able to function properly until 2006. NTP could be used as a form of denial of service. This is a request to provide NTP authentication support in the CallManagers to work with Cisco IOS NTP authentication, to be used in conjunction with ACLs.

We filed a DDTS for this as an enhancement.

Actions

This Discussion