Title

The Google Search Appliance must synchronize with internal information system clocks which in turn, are synchronized on a 24 hour frequency with a 24 hour authoritative time source. (Cat II impact)

Discussion

Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. To meet that requirement the organization will define an authoritative time source and frequency to which each system will synchronize its internal clock. An example is utilizing the NTP protocol to synchronize with centralized NTP servers. Time stamps generated by the information system must include both date and time. The time may be expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Applications not purposed to provide NTP services should not try to compete with or replace NTP functionality and should synchronize with internal information system clocks that are in turn synchronized with an organization defined authoritative time source.

Check Content

Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". If there are valid entries for all DNS servers, DNS suffixes, SMTP servers, NTP servers, this is not a finding.

Fix Text

Open the GSA Web Admin Console at https:<your GSA IP or hostname>:8443. Login to the GSA management interface. Navigate to "Administration", select "Network Settings". Ensure that valid entries for all DNS servers, DNS suffixes, SMTP servers, NTP servers.

Additional Identifiers

Rule ID: SV-75205r1_rule

Vulnerability ID: V-60753

Group Title: SRG-APP-000117

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.