
Activation/deactivation of and permission to use the extension mobility feature is not properly controlled.


Overview

Finding ID: V-21520
Version: VVoIP 1670 (GENERAL)
Rule ID: SV-23732r1_rule
IA Controls: DCBP-1
Severity: Medium
Description
Extension mobility is a feature of a VVoIP system that permits a person to transfer their phone number extension and phone features (or configuration) to a phone that is not in their normal workspace. This is useful when a person is visiting a remote office away from their normal office and typically functions within an established enterprise-wide VVoIP system designed as a contiguous system. In this case, the system is typically a single-vendor solution. The system might be within one LAN/CAN or may include multiple LAN/CANs at multiple interconnected sites. To activate this feature, the user approaches a phone that is not their regular phone and identifies themselves to the phone system via a username, password, PIN, code, or some combination of these. Upon validation, the system configuration manager configures the temporary phone to match the configuration of the user's regular phone. Minimally, the phone number is transferred, and possibly some or all of the user's speed dial numbers and other personal preferences. This capability is dependent upon the capabilities of the temporary phone. Once activated, the user's inbound calls are directed to the temporary location. The user's regular phone may or may not maintain its normal capabilities and may also answer inbound calls.

NOTE: This feature has nothing to do with LAN access control and is not related to moving physical phones/endpoints/instruments. The phone that is already in the temporary location is already authorized on the LAN and registered with the LSC. Moving phones requires pre-authorization and pre-configuration of the LAN access control mechanisms, potentially including the LSC. This feature should not be used to permanently move users from one office to another.

NOTE: Extension mobility is similar to but not the same as forwarding one's calls. Forwarding is typically activated from the user's normal phone or their user preferences configuration settings. Forwarding is therefore pre-set to a known location. Extension mobility is typically activated from the remote location, upon arrival at that location.

Extension mobility poses some vulnerabilities to the VVoIP system, user profile information, and conversations if not properly controlled. Extension mobility should be available only to those individuals that need to use the feature. There should be a configurable checkbox that enables/disables the feature within the configuration of the user's normal phone or within the user's profile. Making the feature available to all users all of the time broadens the exposure for potential compromise of other users' profile information or conversations. Activation of the feature must not be via a feature button on the temporary phone or a commonly known code, either of which might be used along with the phone number to be transferred. This would leave all regular users' phones vulnerable to anybody activating the feature from anywhere in the system to eavesdrop or collect information.

Extension mobility transfer in some systems may have no time limitation. This means the temporary user's phone configuration, preferences, speed dial information, and phone calls are available at the temporary phone until the transfer feature is deactivated. In the event the user does not specifically deactivate the transfer when they leave, the information is there until someone else deactivates it or another transfer is activated. While users should have the capability to deactivate the transfer at their discretion when they leave, the system should automatically deactivate the feature at some predetermined time of day or after a period of inactivity. A timed deactivation might use a period of inactivity of one or two hours. Activation of the feature might be for a given period of time, such as eight hours, or for a user-configurable time period set when they activate the feature. A time-of-day deactivation could be set to deactivate all such transfers at midnight each day. This feature might also be used as a backup for the other methods. In the event controls such as those discussed above are not available, the extension mobility feature should be deactivated if it is provided or supported by the system.
STIG: Voice/Video over Internet Protocol STIG
Date: 2015-01-05

Details

Check Text (C-25775r1_chk)
Interview the IAO to validate compliance with the following requirement:

In the event an extension mobility feature is available and not deactivated, ensure the following controls are implemented:
> The feature is enabled/disabled (permitted) on a per-user basis.
> Feature activation requires user authentication, minimally using a unique user PIN and preferably also a unique user ID, AND is NOT activated via a common activation code or feature button on the phone in conjunction with the phone number of the regular phone whose configuration is to be transferred.
> The user has the capability to manually disable the feature at their discretion when they no longer need it, such as when they leave the temporary location.
> The user may have the capability to set a duration when activating the feature. (Optional)
> The feature automatically deactivates based on a period of inactivity or the time of day.

Determine if an extension mobility feature is available and not deactivated, that is, whether it is usable.

Determine the methods of activation and deactivation.

This is a finding if one or more of the controls listed above, other than the optional one, is not available.

NOTE: This check and requirement will most likely be split into its components during a future bi-monthly release cycle.
Fix Text (F-22311r1_fix)
Disable extension mobility
OR
Implement / configure extension mobility feature controls as follows:
> The feature is enabled/disabled (permitted) on a per-user basis.
> Feature activation requires user authentication, minimally using a unique user PIN and preferably also a unique user ID, AND is NOT activated via a common activation code or feature button on the phone in conjunction with the phone number of the regular phone whose configuration is to be transferred.
> The user has the capability to manually disable the feature at their discretion when they no longer need it, such as when they leave the temporary location.
> The user may have the capability to set a duration when activating the feature. (Optional)
> The feature automatically deactivates based on a period of inactivity or the time of day.
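As an added illustration (not part of the STIG and not any vendor's implementation), the Python below models the fix-text controls as an extension mobility activation policy: per-user permission, user-ID plus PIN authentication with no common code or feature button, an optional user-set duration capped at a maximum, automatic deactivation after two hours of inactivity or at midnight, and manual deactivation. The user records, PINs, phone names, and time limits are constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib, hmac

# Constructed user directory (hypothetical, not from any vendor system):
# a per-user "permitted" flag and a hashed PIN. No shared activation code exists.
def pin_hash(user_id: str, pin: str) -> str:
    return hashlib.sha256(f"{user_id}:{pin}".encode()).hexdigest()

USERS = {
    "alice": {"extension": "1001", "em_permitted": True,  "pin": pin_hash("alice", "4821")},
    "bob":   {"extension": "1002", "em_permitted": False, "pin": pin_hash("bob", "9977")},
}
INACTIVITY_LIMIT = timedelta(hours=2)    # auto-deactivate after 2h idle
DEFAULT_DURATION = timedelta(hours=8)    # default window when user sets none
MAX_DURATION = timedelta(hours=12)       # cap on a user-chosen duration

@dataclass
class Session:
    user_id: str
    temp_phone: str
    expires: datetime
    last_activity: datetime
    active: bool = True

def activate(user_id, pin, temp_phone, now, duration_hours=None):
    """Transfer user_id's extension to temp_phone if policy allows.
    Returns (Session or None, reason)."""
    user = USERS.get(user_id)
    if user is None or not user["em_permitted"]:
        return None, "extension mobility not permitted for this user"
    # Per-user authentication (user-ID + PIN); a feature button or common code
    # plus the target extension is never accepted as an activation method.
    if not hmac.compare_digest(pin_hash(user_id, pin), user["pin"]):
        return None, "authentication failed"
    duration = DEFAULT_DURATION if duration_hours is None else min(timedelta(hours=duration_hours), MAX_DURATION)
    midnight = (now + timedelta(days=1)).replace(hour=0, minute=0, second=0, microsecond=0)
    # Time-of-day cutoff: every transfer ends at midnight at the latest.
    return Session(user_id, temp_phone, min(now + duration, midnight), now), "activated"

def is_active(session, now):
    """Apply the automatic deactivation rules; returns the current state."""
    if session.active and (now >= session.expires or now - session.last_activity >= INACTIVITY_LIMIT):
        session.active = False
    return session.active

def touch(session, now):
    """Record call activity on the temporary phone (resets the idle timer)."""
    if is_active(session, now):
        session.last_activity = now

def deactivate(session):
    """Manual deactivation by the user when leaving the temporary location."""
    session.active = False
```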