cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
258
Views
0
Helpful
1
Replies

NTP authentication for CallManager

teru-lei
Level 1
Level 1

Hi All,

Any body has experience of NTP authentication for CM 4.1(3)? there is ntpkeygen file in the NTP folder, but can not find document for how to use it. Can any body give some idea?

Thanks!

Best Regards,

Teru Lei

1 Reply 1

gogasca
Level 10
Level 10

Hi Teru,

The CallManager platform OS does not support the use of authenticated NTP. This function is required to better secure the network infrastructure. Without the use of NTP authentication, ACLs on the routers are necessary to ensure proper communication. NTP becomes more of an issue now that CallManagers are using certificates because the modification of the network time can invalidate certificates. For example:

1. Attacker changes year to 2006

2. Certificates are issued with a start year of 2006

3. Attacker changes year back to 2005

In other words, issuing certificates with a start year of "2006" and then means that those devices will not be able to function properly until 2006. NTP could be used as a form of denial of service. This is a request to provide NTP authentication support in the CallManagers to work with Cisco IOS NTP authentication, to be used in conjunction with ACLs.

We filed a DDTS for this as an enhancement.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: