Note: When you configure NTP Autokey, you must first disable the
NTP service in the NTP Services panel, then re- enable it after
Autokey configuration is completed.
Mark as Preferred: Check this box to prefer this NTP Peer over other NTP Peers
("NTP Peer Preference"). This will result in SecureSync synchronizing more fre-
quently with this Peer. For additional information on NTP Preferences, see "Con-
figuring "NTP Stratum 1" Operation" on page102.
Note: Please note that it is not advisable to mark more than one NTP
Peer as Preferred, even though SecureSync will not prevent you from
doing so.
5.
Click Submit, or press Enter.
2.14.9 NTP Authentication
Since NTP information is distributed across entire networks, NTP poses a security risk:Falsified
NTP time stamps or other NTP-related information can be exploited by an attacker. NTP authen-
tication keys are used to authenticate time synchronization, thus detecting a fake time source
before it can do harm.
2.14.9.1 NTP Autokey
The NTP version installed on SecureSync supports the Autokey Protocol. The Autokey Protocol
uses the OpenSSL library which provides security capabilities including message digests,
digital signatures and encryption schemes. The Autokey Protocol provides a means for NTP to
authenticate and establish a chain of trusted NTP servers.
NTP Autokey: Support & Limitations
Currently, SecureSync supports only the IFF (Identify Friend or Foe) Autokey Identity Scheme.
The SecureSync product web interface automates the configuration of the IFF using the MD5
digests and RSA keys and certificates. At this time the configuration of other key types or other
digests is not supported.
Note: When you configure NTP Autokey, you must disable the NTP service first,
and then re-enable it after Autokey configuration is completed.
2.14 Configuring NTP
CHAPTER 2 • SecureSync User Reference Guide Rev. 26
111
To Next Page
Loading...
Need help?
General
