UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Session Border Controller (SBC) must be configured to only process signaling packets whose integrity is validated.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259930 SRG-VOIP-000500 SV-259930r948776_rule Medium
Description
The validation of signaling packet integrity is required to ensure the packet has not been altered in transit. Packets can be altered during uncontrollable network events, such as bit errors and packet truncation that would cause the packet to contain erroneous information. Packets containing detectable errors must not be processed. Packets can also be modified by a man-in-the-middle attack. The current Unified Capabilities Requirements (UCR) document specifies the hashing algorithm to be used during transmission.
STIG Date
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide 2024-03-12

Details

Check Text ( C-63661r946709_chk )
Verify the DISN NIPRNet IPVS SBC is configured to only process signaling packets whose integrity is validated. Inspect the configurations of the EBC to determine compliance with the requirement.

If the SBC does not validate the integrity of the received signaling packets, this is a finding.

If the SBC is not configured to drop packets whose integrity is not validated, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers.
Fix Text (F-63568r946710_fix)
Ensure the DISN NIPRNet IPVS SBC is configured to only process signaling packets whose integrity is validated. The current UCR document specifies the hashing algorithm to be used during transmission.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers.