Sunday, 25 May 2008

Cisco Firewalls NTP

I had a comment this week that the NTP commands I posted didn't work for some of you. After a quick investigation I found the problem: you're talking about the Cisco ASA (Adaptive Security Appliance). Neither the ASA nor the PIX (Private Internet Exchange) uses the same commands as Cisco routers, and previously I was talking about Cisco routers.

So I'll try my best to keep my postings clear about which Cisco appliance I'm talking about. To recap, this posting is about ASA and NTP.

In a simple model you could just use the IP of your NTP server and the interface that it's on.

ntp server {ntp-server_ip_address} [source interface_name]

This would be enough in most networks where you are taking the time from a local NTP server, whether Linux, Unix or Windows.

However, in a large enterprise or where the time server is external, I strongly recommend you use MD5 authentication; otherwise people can send time packets to the device that will confuse its clock and make tracking a real attack very hard.

ntp authenticate
ntp trusted-key {ntp_key_id}
ntp authentication-key {ntp_key_id} md5 {ntp_key}
ntp server {ntp-server_ip_address} key {ntp_key_id} [source interface_name]


This might sound like a lot of work for one service, but remember every service that is not locked down is a threat to your network, as it can and will be used against you. NTP might not sound very dangerous, but it is very useful for your attacker to be able to confuse you as to when the attack really took place.
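
An added example, not part of the original post: a small Python check that reads the ntp lines of an ASA configuration and reports servers without a key, keys that are not defined or not trusted, and a missing ntp authenticate. The sample configurations, the addresses and the name audit_ntp are constructed for illustration.

```python
import re

# Constructed sample configs (not from the post); 192.0.2.x is a documentation range.
WEAK = """\
ntp authentication-key 5 md5 *****
ntp server 192.0.2.10 source outside
ntp server 192.0.2.11 key 7 source outside
"""
HARDENED = """\
ntp authenticate
ntp trusted-key 1
ntp authentication-key 1 md5 *****
ntp server 192.0.2.10 key 1 source outside
"""

SERVER = re.compile(r"ntp server (\S+)(?: key (\d+))?(?: source \S+)?(?: prefer)?")

def audit_ntp(config):
    """Return a list of findings for the NTP authentication lines in an ASA config."""
    lines = [line.strip() for line in config.splitlines()]
    trusted, defined, servers, findings = set(), set(), [], []
    for line in lines:
        if m := re.fullmatch(r"ntp trusted-key (\d+)", line):
            trusted.add(m.group(1))
        elif m := re.fullmatch(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(m.group(1))
        elif m := SERVER.fullmatch(line):
            servers.append((m.group(1), m.group(2)))  # key is None when absent
    if servers and "ntp authenticate" not in lines:
        findings.append("'ntp authenticate' missing: NTP authentication is not enabled")
    for ip, key in servers:
        if key is None:
            findings.append(f"server {ip}: no key configured")
        else:
            if key not in defined:
                findings.append(f"server {ip}: key {key} has no authentication-key line")
            if key not in trusted:
                findings.append(f"server {ip}: key {key} is not a trusted-key")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ntp(cfg) or "OK")
```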
