Title

The RUCKUS ICX device must be configured to compare the internal system clocks on an organization-defined frequency with two organization-defined authoritative time sources. (Cat II impact)

Discussion

Synchronization of internal system clocks with an authoritative source provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network.

Check Content

Verify NTP is configured and synchronizing with two peers: device#show ntp association address Domain name Reference Clock st when poll Reach delay offset disp *~ 216.239.35.8 None GOOG 1 56 64 377 30.444 2.0021 2.884 +~ 23.150.40.242 pool.ntp.org 204.9.54.119 2 61 64 377 44.339 -0.6625 1.220 * synced, # selected, + candidate, - outlayer, x falseticker, ~ configured, **More characters in domain name

Fix Text

Configure NTP clock synchronization. Configure NTP: device#configure terminal device(config)# ntp device(config-ntp)#server 216.239.35.8 (example IP) device(config-ntp)# write memory Configure NTP with authentication: device#configure terminal device(config)# ntp device(config-ntp)#server 216.239.35.8 (example IP) device(config-ntp)#authentication-key key-id 1234 sha1 testntpsession device(config-ntp)# write memory

Additional Identifiers

Rule ID: SV-273851r1110853_rule

Vulnerability ID: V-273851

Group Title: SRG-APP-000925-NDM-000330

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.