
Configuring the Time Source

Debugging and troubleshooting are much easier when the timestamps in the log files of all routers are synchronized, because events that span the network can be correlated with synchronous entries in multiple logs. We strongly recommend using the Network Time Protocol (NTP) to synchronize the system clocks of routers and other network equipment.

By default, NTP operates in an entirely unauthenticated manner. If a malicious attempt to influence the accuracy of a router’s clock succeeds, it could have negative effects on system logging, make troubleshooting and intrusion detection more difficult, and impede other management functions.

The following configuration synchronizes all the routers in the network to a single time source. We recommend using authentication to make sure that the NTP peer is trusted. The boot-server statement identifies the server from which the initial time of day and date is obtained when the router boots. The server statement identifies the NTP server used for periodic time synchronization. The authentication-key statement specifies that an HMAC-Message Digest 5 (MD5) scheme is used to hash the key value for authentication, which will prevent the router from synchronizing with an attacker's host posing as the time server.

[edit]
system {
    ntp {
        authentication-key 2 type md5 value "$9$aH1j8gqQ1gjyjgjhgjgiiiii"; # SECRET-DATA
        boot-server 10.1.4.1;
        server 10.1.4.2 key 2;
        trusted-key 2;
    }
}
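To show what the md5 authentication-key protects, the following Python example (added here; it is not part of the Junos documentation) builds the NTP symmetric-key authenticator and verifies it the way a receiver that only trusts key ID 2 would. It uses the keyed-MD5 digest NTP computes over the key followed by the 48-byte header (RFC 5905); the header fields, key ID and key value are constructed sample data.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48
MAC_LEN = 4 + 16  # 4-byte key ID followed by a 16-byte MD5 digest


def build_ntp_header(mode: int = 4, stratum: int = 2) -> bytes:
    """Build a minimal 48-byte NTPv4 header (constructed sample, not a captured reply)."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode          # LI=0, VN=4, mode 4 = server
    header = struct.pack("!BBBb", li_vn_mode, stratum, 6, -20)
    header += struct.pack("!II", 0, 0)               # root delay, root dispersion
    header += b"GPS\x00"                             # reference ID
    header += b"\x00" * 32                           # four 64-bit timestamps (zeroed in the sample)
    assert len(header) == NTP_HEADER_LEN
    return header


def ntp_md5_mac(key_id: int, key: bytes, header: bytes) -> bytes:
    """NTP symmetric-key authenticator: key ID, then MD5 over key || header."""
    digest = hashlib.md5(key + header).digest()
    return struct.pack("!I", key_id) + digest


def sign_packet(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the authenticator, as a server configured with this key would."""
    return header + ntp_md5_mac(key_id, key, header)


def verify_packet(packet: bytes, trusted_keys: dict) -> bool:
    """Accept only packets carrying a valid MAC under a trusted key ID.

    trusted_keys maps key ID -> key bytes, mirroring the router's trusted-key list.
    An unauthenticated packet (no MAC) or a MAC under an unknown or wrong key is rejected.
    """
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    key = trusted_keys.get(key_id)
    if key is None:
        return False
    expected = ntp_md5_mac(key_id, key, header)
    return hmac.compare_digest(mac, expected)   # constant-time comparison


if __name__ == "__main__":
    trusted = {2: b"sample-ntp-key"}             # constructed key for key ID 2
    good = sign_packet(build_ntp_header(), 2, trusted[2])
    print("authenticated reply accepted:", verify_packet(good, trusted))
    print("unauthenticated reply accepted:", verify_packet(build_ntp_header(), trusted))
```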
