Network Time Protocol

- NTP is a protocol for secure synchronization of clocks in computer systems.
- NTP uses UDP port 123.
- SNTP is a simpler, less secure version of NTP.
- You can configure your own master clock source or use a public NTP server from the Internet.
- NTPv3 is defined in RFC 1305 and supports cryptographic authentication between peers.

NTP is a secure method to synchronize date and time settings for devices on the network. NTP uses UDP port 123 and is documented in RFC 1305. Simple Network Time Protocol (SNTP) is a simpler, less secure version of NTP.

When you implement NTP in your network, you can set up your own master clock, or you can use a publicly available NTP server on the Internet. If you implement your own master clock, you should synchronize the private network to Coordinated Universal Time (UTC) via satellite or radio.

You need to be careful when you implement NTP. An attacker can launch a denial of service (DoS) attack by sending bogus NTP data across the Internet to your network in an attempt to change the clocks on network devices, possibly causing digital certificates to become invalid. Further, an attacker could attempt to confuse a network administrator during an attack by disrupting the clocks on network devices. This scenario would make it difficult for the network administrator to determine the order of syslog events on multiple devices.

NTP version 3 (NTPv3) and above support a cryptographic authentication mechanism between NTP peers. You can use this authentication mechanism, in addition to ACLs that specify which network devices are allowed to synchronize with other network devices, to help mitigate such an attack.

You should weigh the benefits of pulling the clock time from the Internet against the possible risks of doing so and allowing unsecured packets through the firewall. Many NTP servers on the Internet do not require any authentication of peers. Therefore, the network administrator must trust that the clock itself is reliable, valid, and secure.
Implementing Cisco IOS Network Security (IINS) v1.0, © 2008 Cisco Systems, Inc.

NTP with Cisco SDM

NTP allows routers on your network to synchronize their time settings with an NTP server. A group of NTP clients that obtain time and date information from a single source will have more consistent time settings. Cisco SDM allows you to view the NTP server information that has been configured, add new information, and edit or delete existing information.

Follow these steps to add an NTP server using Cisco SDM:

Step 1  Choose Configure > Additional Tasks > Router Properties > NTP/SNTP. The NTP pane appears, displaying the information for any configured NTP servers.

        Note: If your router does not support NTP commands, the NTP/SNTP option will not appear in the Router Properties tree.

Step 2  To add a new NTP server, click Add. The Add NTP Server Details window appears.

Step 3  You can add an NTP server by name (if your router is configured to use a Domain Name System [DNS] server) or by IP address. To add an NTP server by IP address, enter the IP address of the NTP server in the field next to the NTP Server IP Address option. If your organization does not have an NTP server, you may want to use a publicly available server, such as the server list that is described at http://support.ntp.org/bin/view/Servers/WebHome.

Step 4  From the NTP Source Interface drop-down list, choose the interface that the router will use to communicate with the NTP server. The NTP Source Interface is an optional field. If you leave this field blank, NTP messages will be sent out the closest interface per the routing table.

Step 5  Check the Prefer check box if this NTP server has been designated as a preferred NTP server. Preferred NTP servers are contacted before nonpreferred NTP servers. You may have more than one preferred NTP server.

Step 6  If the NTP server you are adding uses authentication, check the Authentication Key check box and enter the key number, the key value, and confirm the key value.

Step 7  Click OK to finish adding the server.

The resulting CLI command that Cisco SDM will generate based on the example in the figure is:

ntp server 10.1.1 key cisco source fastethernet0/0 prefer
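The authentication mechanism and ACL restriction recommended above can be checked mechanically in a router configuration. The following Python script is an added example, not part of the original course material: it audits IOS-style NTP lines for servers that lack a defined, trusted key and for a missing NTP access group. The sample configurations, the address 192.0.2.10, the key values, and the function name audit_ntp are constructed for illustration.

```python
import re

# Constructed sample configurations (not from the page). The address, key
# number and key string are placeholders chosen for this example.
WEAK = "ntp server 192.0.2.10 prefer\n"
HARDENED = """\
ntp authenticate
ntp authentication-key 1 md5 EXAMPLE-KEY
ntp trusted-key 1
access-list 10 permit host 192.0.2.10
ntp access-group peer 10
ntp server 192.0.2.10 key 1 source FastEthernet0/0 prefer
"""

def audit_ntp(config):
    """Return a list of findings about NTP authentication and peer ACLs."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Key numbers that have a secret defined, and key numbers marked trusted.
    defined = {m.group(1) for ln in lines
               if (m := re.match(r"ntp authentication-key (\d+) ", ln))}
    trusted = {m.group(1) for ln in lines
               if (m := re.match(r"ntp trusted-key (\d+)$", ln))}
    findings = []
    if "ntp authenticate" not in lines:
        findings.append("NTP authentication is not enabled")
    if not any(ln.startswith("ntp access-group ") for ln in lines):
        findings.append("no ACL restricts which devices may synchronize")
    for ln in lines:
        # Assumes the simple form "ntp server <address> [options]".
        m = re.match(r"ntp server (\S+)(.*)", ln)
        if not m:
            continue
        server, opts = m.groups()
        key = re.search(r"\bkey (\S+)", opts)
        if key is None:
            findings.append(f"server {server}: no authentication key")
        elif key.group(1) not in defined:
            findings.append(f"server {server}: key {key.group(1)} is not defined")
        elif key.group(1) not in trusted:
            findings.append(f"server {server}: key {key.group(1)} is not trusted")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp(cfg) or "no findings")
```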
