Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15836 | ESX0400 | SV-16775r1_rule | | Medium |
Description |
---|
Since NTP is used to ensure accurate log file timestamps for information, NTP could pose a security risk if a malicious user were able to falsify NTP information. Implementing authentication between NTP peers can mitigate this risk. When hashing authentication is enforced, there is a greater level of assurance that NTP updates are from a trusted source. |
STIG | Date |
---|---|
VMware ESX 3 Server | 2016-05-13 |
Check Text ( C-16183r1_chk ) |
---|
NTP authentication is used by time clients to authenticate the time server and prevent rogue server intervention. NTP authentication is based on encrypted keys. A key is encrypted and sent to the client by the server, where it is unencrypted and checked against the client key to ensure a match.

NTP keys are stored in the ntp.keys file in the following format: `Key-number M Key` (the M stands for MD5), e.g.:

```
1 M secret
5 M RaBBit
7 M TiMeLy
10 M MYKEY
```

The NTP configuration file ntp.conf specifies which of the keys are trusted. Any keys specified in the keys file but not trusted will not be used for authentication, e.g.:

```
trustedkey 1 7 10
```

In this example, 5 is not trusted; only 1, 7, and 10 are.

1. On the ESX Server service console perform the following:

   ```
   # cat /etc/ntp.conf
   ```

   Review the configuration file to verify that the following are uncommented:

   ```
   authenticate yes
   ....
   keys /etc/ntp/keys
   ```

   If these are commented out, this is a finding.

2. Next verify that the trusted keys are configured in the ntp.conf file:

   ```
   trustedkey
   ```

   If none are listed, this is a finding.

3. Next, review the keys file located at /etc/ntp/keys by performing the following:

   ```
   # cat /etc/ntp/keys
   ```

   Verify that keys are listed in the keys file. The file should look similar to the following:

   ```
   5 M RaBBit
   7 M TiMeLy
   10 M MYKEY
   ```

   If no keys are configured here, this is a finding.
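The three check steps above as an added POSIX shell script, not part of the STIG: it takes the ntp.conf and keys file paths as arguments (rather than following the `keys` directive), reports each finding, and goes one step beyond the text by cross-checking that every number on the `trustedkey` line actually has an entry in the keys file. The sample files it writes are constructed for illustration only.

```sh
#!/bin/sh
# Added check for V-15836 (not part of the STIG): walks steps 1-3 of the check
# text against the ntp.conf and keys file given as arguments, plus a cross-check
# that every trustedkey number exists in the keys file. Returns 0 if no finding.

# Drop comments and blank lines so a commented-out directive is not counted.
active_lines() { sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" 2>/dev/null; }

check_ntp_auth() {
    conf="$1"; keys="$2"; rc=0
    # Step 1: 'authenticate yes' and 'keys <file>' must be present and uncommented.
    active_lines "$conf" | grep -Eq '^[[:space:]]*authenticate[[:space:]]+yes' \
        || { echo "FINDING: 'authenticate yes' missing or commented in $conf"; rc=1; }
    active_lines "$conf" | grep -Eq '^[[:space:]]*keys[[:space:]]+' \
        || { echo "FINDING: 'keys' directive missing or commented in $conf"; rc=1; }
    # Step 2: at least one key number must be listed on a trustedkey line.
    trusted=$(active_lines "$conf" | awk '$1=="trustedkey"{for(i=2;i<=NF;i++)print $i}')
    [ -n "$trusted" ] || { echo "FINDING: no trustedkey entries in $conf"; rc=1; }
    # Step 3: the keys file must hold at least one '<number> M <key>' entry.
    defined=$(active_lines "$keys" | awk '$2=="M"{print $1}')
    [ -n "$defined" ] || { echo "FINDING: no MD5 keys defined in $keys"; rc=1; }
    # Cross-check: a trusted key with no matching entry can never authenticate.
    for k in $trusted; do
        echo "$defined" | grep -qx "$k" \
            || { echo "FINDING: trustedkey $k has no entry in $keys"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not from a real host) to exercise the check.
write_samples() {
    printf 'authenticate yes\nkeys /etc/ntp/keys\ntrustedkey 1 7 10\n' > "$1/ok.conf"
    printf '1 M secret\n5 M RaBBit\n7 M TiMeLy\n10 M MYKEY\n' > "$1/ok.keys"
    printf '#authenticate yes\nkeys /etc/ntp/keys\ntrustedkey 7\n' > "$1/bad.conf"
    printf '5 M RaBBit\n' > "$1/bad.keys"
}

d=$(mktemp -d); write_samples "$d"
check_ntp_auth "$d/ok.conf" "$d/ok.keys" && echo "ok.conf: no findings"
check_ntp_auth "$d/bad.conf" "$d/bad.keys" || echo "bad.conf: findings present"
```

On a real ESX service console, run it as `check_ntp_auth /etc/ntp.conf /etc/ntp/keys`; a non-zero exit means at least one of the three findings applies.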
Fix Text (F-15787r1_fix) |
---|
Configure the ESX Server to authenticate the time source. |