Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-259936 | SRG-VOIP-000560 | SV-259936r948782_rule | | Medium |
Description |
---|
Action cannot be taken to thwart an attempted DoS or compromise if the system administrators responsible for the operation of the SBC and/or the network defense operators are not alerted to the occurrence in real time. |
STIG | Date |
---|---|
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide | 2024-03-12 |
Check Text (C-63667r946727_chk) |
---|
Verify the DISN NIPRNet IPVS SBC is configured to notify system administrators and the ISSO when the following conditions occur: - Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC. - Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS. - Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or effect a man-in-the-middle attack. If the SBC does not notify system administrators and the ISSO when attempts to cause a DoS or other suspicious events are detected, this is a finding. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers. |
Fix Text (F-63574r946728_fix) |
---|
Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and the ISSO when the following conditions occur: - Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC. - Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS. - Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or an attempt to effect a man-in-the-middle attack. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers. |
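
The three alert conditions from the check and fix text, as an added example of detection logic (not part of the SRG and not any SBC vendor's code). The log format, the thresholds and the sample events are assumptions constructed for illustration, since the requirement leaves "excessive" undefined; delivering the returned alerts to the system administrators and ISSO is left to the site's notification channel.

```python
from collections import defaultdict, deque

# Assumed values: the requirement says "excessive" without giving numbers.
WINDOW_S = 10        # sliding window, seconds
MAX_MSGS_PER_IP = 3  # SIP/AS-SIP messages per source IP per window
MAX_DROPS = 2        # authentication/integrity drops per window, all sources

# Constructed events, hypothetical format: "<epoch> <src_ip> <protocol> <result>"
SAMPLE_LOG = """\
100 192.0.2.10 SIP OK
101 198.51.100.7 SRTP MALFORMED
102 203.0.113.5 AS-SIP OK
103 203.0.113.5 AS-SIP OK
104 203.0.113.5 AS-SIP OK
105 203.0.113.5 AS-SIP OK
120 192.0.2.44 SIP AUTH_FAIL
121 192.0.2.45 SIP INTEGRITY_FAIL
122 192.0.2.46 SIP AUTH_FAIL
"""

def evaluate(log_text):
    """Return (epoch, condition, detail) alerts to send to the admins and ISSO."""
    per_ip, drops = defaultdict(deque), deque()
    flooding, drop_alarm, alerts = set(), False, []
    for line in filter(str.strip, log_text.splitlines()):
        ts_s, src, proto, result = line.split()
        ts = int(ts_s)
        if result == "MALFORMED":  # condition 1: any number alerts
            alerts.append((ts, "malformed", f"{proto} from {src}"))
        if proto in ("SIP", "AS-SIP"):  # condition 2: per-source message rate
            q = per_ip[src]
            q.append(ts)
            while q[0] <= ts - WINDOW_S:
                q.popleft()
            if len(q) <= MAX_MSGS_PER_IP:
                flooding.discard(src)
            elif src not in flooding:  # alert once per burst, not per message
                flooding.add(src)
                alerts.append((ts, "flood", f"{len(q)} msgs from {src}"))
        if result in ("AUTH_FAIL", "INTEGRITY_FAIL"):  # condition 3: drops
            drops.append(ts)
            while drops[0] <= ts - WINDOW_S:
                drops.popleft()
            if len(drops) <= MAX_DROPS:
                drop_alarm = False
            elif not drop_alarm:
                drop_alarm = True
                alerts.append((ts, "drops", f"{len(drops)} in {WINDOW_S}s"))
    return alerts
```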