Securing NTP

CE.

NTP (Network Time Protocol) is a protocol used to synchronize the time on network devices. It is crucial to ensure that all devices on a network are using the same time to maintain consistency in logging and security.

To secure NTP, there are various mechanisms available. Out of these, two mechanisms are as follows:

A. IPsec: IPsec (Internet Protocol Security) is a protocol suite used to secure IP communications. It provides data confidentiality, integrity, and authentication between two or more network entities. IPsec can be used to secure NTP traffic between devices. By enabling IPsec on NTP traffic, the data is encrypted and authenticated, ensuring that it is not tampered with in transit. This helps to prevent attackers from modifying the NTP packets to introduce incorrect time information.

E. IP access list-based: IP access lists are used to filter IP traffic based on the source and destination IP addresses, protocol type, and port number. Access lists can be used to secure NTP traffic by filtering out unwanted traffic and allowing only authorized devices to access the NTP server. By using an access list to restrict access to the NTP server, an organization can prevent unauthorized devices from receiving time updates, which can help to prevent potential security issues.

In contrast, options B, C, and D are not mechanisms to secure NTP. B. IP prefix list-based is not used to secure NTP traffic but to filter IP packets based on prefix length. C. Encrypted authentication is a security mechanism used to secure the routing protocols such as BGP, OSPF, etc., but not for NTP. D. TACACS-based authentication is a protocol used to provide centralized authentication, authorization, and accounting (AAA) services to network devices but not to secure NTP traffic.

Therefore, options A and E are the correct answers as they provide mechanisms to secure NTP traffic.