Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NTP authentication for CallManager

Hi All,

Any body has experience of NTP authentication for CM 4.1(3)? there is ntpkeygen file in the NTP folder, but can not find document for how to use it. Can any body give some idea?

Thanks!

Best Regards,

Teru Lei

1 REPLY
Green

Re: NTP authentication for CallManager

Hi Teru,

The CallManager platform OS does not support the use of authenticated NTP. This function is required to better secure the network infrastructure. Without the use of NTP authentication, ACLs on the routers are necessary to ensure proper communication. NTP becomes more of an issue now that CallManagers are using certificates because the modification of the network time can invalidate certificates. For example:

1. Attacker changes year to 2006

2. Certificates are issued with a start year of 2006

3. Attacker changes year back to 2005

In other words, issuing certificates with a start year of "2006" and then means that those devices will not be able to function properly until 2006. NTP could be used as a form of denial of service. This is a request to provide NTP authentication support in the CallManagers to work with Cisco IOS NTP authentication, to be used in conjunction with ACLs.

We filed a DDTS for this as an enhancement.

121
Views
0
Helpful
1
Replies