STIGQter: STIG Summary: Voice/Video over Internet Protocol (VVoIP) STIG Version: 3 Release: 14 Benchmark Date: 26 Apr 2019

The Session Border Controller (SBC) must be configured to notify system administrators and ISSO when attempts to cause a denial-of-service (DoS) or other suspicious events are detected.

DISA Rule

SV-21816r3_rule

Vulnerability Number

V-19675

Group Title

VVoIP 6350

Rule Version

VVoIP 6350

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and ISSO when the following conditions occur:
- Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC.
- Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS.
- Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or an attempt to effect a man-in-the-middle attack.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.
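The three notification conditions above, sketched as detection logic over SBC events. This is an added example, not part of the STIG or any SBC vendor's code. The window, both thresholds, the event-type names and the sample events are assumptions, since the STIG says only "excessive" and names no log format.

```python
from collections import defaultdict, deque

# Assumed thresholds: the STIG says only "excessive"; tune to the site's baseline.
WINDOW_S = 60           # sliding window in seconds
MAX_MSGS_PER_SRC = 100  # SIP/AS-SIP messages per source IP per window
MAX_FAIL_DROPS = 20     # auth/integrity-failure drops per window, all sources
# Hypothetical event names; map them from whatever the SBC actually logs.
MALFORMED = {"MALFORMED_SIP", "MALFORMED_AS_SIP", "MALFORMED_SRTP", "MALFORMED_SRTCP"}
SIP_MSGS = {"SIP_MSG", "AS_SIP_MSG"}
FAIL_DROPS = {"DROP_AUTH_FAIL", "DROP_INTEGRITY_FAIL"}

def over_limit(window, ts, limit):
    """Record ts, expire entries older than WINDOW_S, report if count > limit."""
    window.append(ts)
    while window[0] <= ts - WINDOW_S:
        window.popleft()
    return len(window) > limit

def detect(events):
    """events: time-ordered (epoch_s, source_ip, event_type) tuples.
    Returns (epoch_s, condition, source_ip_or_None) alerts, one per episode."""
    alerts, per_src, drops = [], defaultdict(deque), deque()
    active = set()  # conditions currently alarming, to avoid one alert per packet
    for ts, src, kind in events:
        if kind in MALFORMED:  # "any number": no threshold, always notify
            alerts.append((ts, "malformed-message", src))
            continue
        if kind in SIP_MSGS:
            key, hit = ("flood", src), over_limit(per_src[src], ts, MAX_MSGS_PER_SRC)
            alert = (ts, "excessive-messages", src)
        elif kind in FAIL_DROPS:
            key, hit = ("drops", None), over_limit(drops, ts, MAX_FAIL_DROPS)
            alert = (ts, "excessive-auth-integrity-drops", None)
        else:
            continue
        if hit and key not in active:
            active.add(key)
            alerts.append(alert)
        elif not hit:
            active.discard(key)
    return alerts

def sample_events():
    """Constructed sample data (documentation-range IPs), not real SBC logs."""
    ev = [(1000 + i // 10, "198.51.100.7", "SIP_MSG") for i in range(150)]
    ev += [(1000 + i, "192.0.2.10", "SIP_MSG") for i in range(5)]
    ev += [(1020, "203.0.113.5", "MALFORMED_SRTP")]
    ev += [(1030 + i, "203.0.113.9", "DROP_AUTH_FAIL") for i in range(25)]
    return sorted(ev, key=lambda e: e[0])
```

Each returned alert is what would be handed to the notification channel for the system administrators and ISSO; `detect(sample_events())` yields one alert per condition.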

Check Contents

Interview the ISSO to confirm compliance with the following requirement:

Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and ISSO when the following conditions occur:
- Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC.
- Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS.
- Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or an attempt to effect a man-in-the-middle attack.

If the SBC does not notify system administrators and ISSO when attempts to cause a DoS or other suspicious events are detected, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Documentable

False

Severity Override Guidance

Interview the ISSO to confirm compliance with the following requirement:

Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and ISSO when the following conditions occur:
- Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC.
- Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS.
- Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or an attempt to effect a man-in-the-middle attack.

If the SBC does not notify system administrators and ISSO when attempts to cause a DoS or other suspicious events are detected, this is a finding.

NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Check Content Reference

M

Target Key

3407

Comments