Details
Enables NTP authentication in order to receive time information only from trusted sources
Rationale:
When authentication is not enabled, attackers can disguise as NTP servers and broadcast wrong time and it will be difficult to correlate events upon an incident. In some other cases, attackers can perform NTP DDoS attacks such as NTP Amplification.
Solution
Run the following command to enable NTP authentication
hostname(config)#ntp authenticate
Default Value:
Disabled by default
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.