SV-101267r1_rule
V-91167
SRG-APP-000395-NDM-000347
JUNI-ND-001140
CAT II
10
Configure the router to authenticate NTP sources using authentication that is cryptographically based as shown in the example below.
[edit system ntp]
set authentication-key 1 type md5 value xxxxxxxxx
set authentication-key 2 type md5 value xxxxxxxxx
set server x.x.x.x key 1 prefer
set server x.x.x.x key 2
set trusted-key [1 2]
Note: SHA1 and SHA2-256 are supported with release 18.2.
Review the router configuration to verify that it is compliant with this requirement as shown in the configuration example below.
system {
    …
    …
    …
    ntp {
        authentication-key 1 type md5 value "$8$LMK7NbHkPTQnVwF/"; ## SECRET-DATA
        authentication-key 2 type md5 value "$8$I3KceWbwgJUH"; ## SECRET-DATA
        server x.x.x.x key 1 prefer; ## SECRET-DATA
        server x.x.x.x key 2; ## SECRET-DATA
        trusted-key [1 2];
    }
}
If the router is not configured to authenticate NTP sources using authentication that is cryptographically based, this is a finding.
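The review above can be scripted against saved configuration output. The following Python is an added example, not part of the STIG or of Juniper's tooling; it assumes the brace-style configuration format shown above, the sample stanzas, placeholder key values and 192.0.2.x addresses are constructed, and audit_ntp is a hypothetical helper name. It flags any NTP server that has no key, references an undefined key, or uses a key missing from trusted-key.

```python
import re

# Constructed compliant sample in the page's configuration format (placeholder values).
COMPLIANT = '''
ntp {
    authentication-key 1 type md5 value "$8$placeholder1"; ## SECRET-DATA
    authentication-key 2 type md5 value "$8$placeholder2"; ## SECRET-DATA
    server 192.0.2.10 key 1 prefer;
    server 192.0.2.11 key 2;
    trusted-key [ 1 2 ];
}
'''
# Constructed non-compliant sample: one server has no key, one uses an untrusted key.
NONCOMPLIANT = '''
ntp {
    authentication-key 1 type md5 value "$8$placeholder1"; ## SECRET-DATA
    authentication-key 3 type md5 value "$8$placeholder3"; ## SECRET-DATA
    server 192.0.2.10 key 1 prefer;
    server 192.0.2.11;
    server 192.0.2.12 key 3;
    trusted-key 1;
}
'''

def audit_ntp(config: str) -> list[str]:
    """Return findings for the NTP servers in config; an empty list means none found."""
    defined, trusted, servers = set(), set(), []
    for raw in config.splitlines():
        # Drop the trailing "## SECRET-DATA" annotation and the statement terminator.
        line = raw.split("##")[0].strip().rstrip(";")
        if m := re.match(r"authentication-key (\d+) type \S+ value \S+", line):
            defined.add(m.group(1))
        elif m := re.match(r"trusted-key \[?([\d\s]+)\]?$", line):
            trusted.update(m.group(1).split())
        elif m := re.match(r"server (\S+)(?: .*?\bkey (\d+))?", line):
            servers.append((m.group(1), m.group(2)))  # key is None when absent
    findings = []
    for addr, key in servers:
        if key is None:
            findings.append(f"server {addr}: no authentication key")
        elif key not in defined:
            findings.append(f"server {addr}: key {key} is not defined")
        elif key not in trusted:
            findings.append(f"server {addr}: key {key} is not in trusted-key")
    return findings
```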
V-91167
False
JUNI-ND-001140
M
3381