HP 6125XLG R2306-HP 6125XLG Blade Switch Network Management and Monitoring Con - Page 18
NTP security, NTP access control, NTP authentication
 |
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 18 highlights
NTP security To improve time synchronization security, NTP provides the access control and authentication functions. NTP access control You can control NTP access by using an ACL. The access rights are in the following order, from least restrictive to most restrictive: • Peer-Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) and allows the local device to synchronize itself to a peer device. • Server-Allows time requests and NTP control queries, but does not allow the local device to synchronize itself to a peer device. • Synchronization-Allows only time requests from a system whose address passes the access list criteria. • Query-Allows only NTP control queries from a peer device to the local device. The device processes an NTP request, as follows: • If no NTP access control is configured, peer is granted to the local device and peer devices. • If the IP address of the peer device matches a permit statement in an ACL for more than one access right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is matched, no access right is granted. • If no ACL is created for a specific access right, the associated access right is not granted. • If no ACL is created for any access right, peer is granted. This feature provides minimal security for a system running NTP. A more secure method is NTP authentication. NTP authentication Use this feature to authenticate the NTP messages for security purposes. If an NTP message passes authentication, the device can receive it and get time synchronization information. If not, the device discards the message. This function makes sure the device does not synchronize to an unauthorized time server. Figure 7 NTP authentication Message Compute the digest Sender Key value Message Key ID Digest Sends to the receiver Message Key ID Digest Key value Compute the digest Digest Compare Receiver As shown in Figure 7, NTP authentication works as follows: 1. The sender uses the MD5 algorithm to calculate the NTP message according to the key identified by a key ID, and sends the calculated digest together with the NTP message and key ID to the receiver. 2. Upon receiving the message, the receiver finds the key according to the key ID in the message, uses the MD5 algorithm to calculate the digest, and compares the digest with the digest contained 12
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13 -
14 -
15 -
16 -
17 -
18 -
19 -
20 -
21 -
22 -
23 -
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
 |
 |
