An error occurred:

Check: ESX0400

VMware ESX 3 Server: ESX0400 (in version v1 r2)

Title

ESX Server is not authenticating the time source with a hashing algorithm. (Cat II impact)

Discussion

Since NTP is used to ensure accurate log file timestamps for information, NTP could pose a security risk if a malicious user were able to falsify NTP information. Implementing authentication between NTP peers can mitigate this risk. When hashing authentication is enforced, there is a greater level of assurance that NTP updates are from a trusted source.

Check Content

NTP authentication is used by time clients to authenticate the time server to prevent rogue server intervention. NTP authentication is based on encrypted keys. A key is encrypted and sent to the client by the server, where it is unencrypted and checked against the client key to ensure a match. NTP keys are stored in the ntp.keys file in the following format: Key-number M Key (The M stands for MD5 encryption), e.g.: 1 M secret 5 M RaBBit 7 M TiMeLy 10 M MYKEY The NTP configuration file ntp.conf specifies which of the keys are trusted. Any keys specified in the keys file but not trusted will not be used for authentication, e.g.: trustedkey 1 7 10 In this example, 5 is not trusted, only 1, 7, and 10 above. 1. On the ESX Server service console perform the following: # cat /etc/ntp.conf Review the configuration file to verify that the following are uncommented: authenticate yes …. keys /etc/ntp/keys If these are commented out, this is a finding. 2. Next verify that the trusted keys are configured in the ntp.conf file. trustedkey <number> If none are listed, this is a finding. 3. Next, review the keys file located at /etc/ntp/keys by performing the following: # cat /etc/ntp/keys Verify that keys are listed in the keys file. File should look similar to the following: 5 M RaBBit 7 M TiMeLy 10 M MYKEY If no keys are configured here, this is a finding.

Fix Text

Configure the ESX Server to authenticate the time source.

Additional Identifiers

Rule ID: SV-16775r1_rule

Vulnerability ID: V-15836

Group Title: Time source not authenticated with hash algorithm.

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check