Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19675 | VVoIP 6350 (DISN-IPVS) | SV-21816r1_rule | ECSC-1 | Medium |
Description |
---|
Action cannot be taken to thwart an attempted denial-of-service or compromise if the SAs responsible for the operation of the EBC and/or the network defense operators are not alerted to the occurrence in real time. |
STIG | Date |
---|---|
Voice/Video over Internet Protocol (VVoIP) STIG | 2015-12-29 |
Check Text ( C-24058r1_chk ) |
---|
Interview the IAO to confirm compliance with the following requirement: In addition to the alarm messages required of any firewall by the NI STIG, ensure the DISN NIPRNet IPVS firewall (EBC) is configured to transmit a meaningful alarm message to the local EMS and DISN IPVS management system in the event of the following conditions: > Any number of malformed AS-SIP or SRTP/SRTCP messages are received that could indicate an attempt to compromise the EBC. > Excessive numbers of AS-SIP messages are received from any given IP address that could indicate an attempt to cause a denial-of-service. > Excessive numbers of messages that are dropped due to authentication or integrity check failures that might indicate an attempt to cause a denial-of-service or an attempt to effect a man in the middle attack. > Potentially others. This is a finding in the event the EBC does not generate and send alarms based on attempts to cause a denial-of-service or compromise the EBC or enclave. |
Fix Text (F-20381r1_fix) |
---|
Ensure the DISN NIPRNet IPVS firewall (EBC) is configured to transmit meaningful alarm messages as required of any firewall by the NI STIG. Ensure the DISN NIPRNet IPVS firewall (EBC) is configured to transmit a meaningful alarm message to the local EMS and DISN IPVS management system in the event of the following conditions: > Any number of malformed AS-SIP or SRTP/SRTCP messages are received that could indicate an attempt to compromise the EBC. > Excessive numbers of AS-SIP messages are received from any given IP address that could indicate an attempt to cause a denial of service. > Excessive numbers of messages that are dropped due to authentication or integrity check failures that might indicate an attempt to cause a denial of service or an attempt to effect a man in the middle attack. > Potentially others. |