Is very important for the accuracy of NTP network security, the
right setting only takes very little time, to protect its security nor any
additional inputs, but in safety improvements will be very large. Below, I will
give you a detailed introduction to the network time setting.cisco wholesale
One, what is the network time protocol
The network time protocol (NTP) is a kind of user datagram
protocol (UDP) based on the server as a special protocol client, can be used to
synchronize the time of network equipment.
For virtual private network, based on the time of the access
control list, time synchronization is a very important function; and in the
network debugging, safety testing and event correlation operation time, it is
also a very important factor.
NTP is used in a call layer concept, the so-called layer refers to
a device to an authoritative time source need to jump a few times. The 0 layer
refers to one or a series of atomic clock based on, it can provide very
accurate time concept. Is the 1 layer, it can get the information directly from
the 0 layers of the clock, so that jump a layer, second layer third can be
followed by analogy.
Two, the role of network time protocol
For the network NTP is a very important factor, so you have to
make sure that it is correct and reliable. To ensure the most simple and
feasible way is to build a first clock source in the network, to provide
accurate and reliable time source. Typically, the most common method is to
choose a device in the network, a router in general, synchronization with a
common time source first or second layer, as the local network of the main
clock source.
The internal equipment, server and host and the network clock
synchronizing time. On the firewall, which allows you to conduct a
comprehensive set of NTP through UDP port 123.
To ensure the authentication process of NTP through the router and
the implementation of NTP access control list, also can improve the network
security.
Three, ensure the safety of NIP
NTP authentication mode and you think may be different. NTP
certification in Cisco routers on the time, the key lies in the source host
(master clock), using the MD5 hash response. In the NTP certification time,
request the client rather than from a router.
In this process, verification is the integrity of the requesting
client source code, rather than the customer's effectiveness. This also means
that, the router does not require authentication operation normally do.
However, if the client authentication request is not approved for router
configuration, NTP synchronous operation will fail.
Therefore, in order to ensure the reliability and security of the
network, you should set the router to automatically for NTP synchronization in;
they should obtain time information from first different sources of the time,
and the establishment of authentication mechanism equivalent to between these
routers.
In the deployment of NTP time, the access control list is a very
useful tool. You can create an access control list of peer group to the network
IP address for authentication and control, to ensure the security of router
connection. In addition, you can also set up a "service" or
"access control list to determine the limit" on the router which
network IP address or network clock can query NTP.
The above mainly from the practice to introduce the configuration
techniques of network time protocol, it also introduces the basic information
of NIP protocol, this paper can give us the time protocol is of great help to
understand.
没有评论:
发表评论