STIGQter: STIG Summary: Voice Video Services Policy Security Technical Implementation Guide, Version: 3, Release: 17, Benchmark Date: 25 Oct 2019

The VVoIP system DNS server is not dedicated to the VVoIP system within the LAN; or the VVoIP system DNS server freely interacts with other DNS servers outside the VVoIP system; or the VVoIP system information is published to the enterprise WAN or the Internet.

DISA Rule

SV-23734r1_rule

Vulnerability Number

V-21522

Group Title

Deficient design: VVoIP system re: DNS

Rule Version

VVoIP 5212 (LAN)

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Consider not using DNS for the VVoIP system unless it is required.

In the event DNS is used in the VVoIP system, ensure the DNS server serving the VVoIP system is dedicated to the VVoIP system and that any DNS server interaction with other DNS servers is limited. Additionally, ensure internal system URLs and information are not published to the enterprise WAN or the Internet.

NOTE: In the event a DNS server is implemented within the VVoIP system, the DNS STIG must be applied to the server.

Check Contents

Examine the configurations of the DNS server(s) serving the VVoIP system and those outside the system. Attempt to use a system-specific URL that should not be published outside the system to see if an IP address is returned.

This is a finding in the event restricted URLs are reachable from outside the restriction zone.
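
One way to script the lookup part of this check, as an added example that is not part of the STIG or of STIGQter. It assumes `dig` is installed; the function names `resolve_a` and `check_dns_leak` and the two input files are hypothetical and belong to this example only.

```sh
#!/bin/sh
# Added example (not STIG text). Inputs are two plain-text files, one entry
# per line, '#' for comments (file layout is an assumption of this example):
#   names file     - VVoIP-internal hostnames that must not resolve outside
#   resolvers file - IP addresses of DNS servers outside the VVoIP system

# resolve_a RESOLVER NAME: print only IPv4 addresses from the answer.
# CNAME targets and dig's timeout messages are filtered out by the grep.
resolve_a() {
    dig +short +time=2 +tries=1 "@$1" "$2" A </dev/null 2>/dev/null |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true
}

# check_dns_leak NAMES_FILE RESOLVERS_FILE
# Prints one line per (resolver, name) pair; exit status 1 if any outside
# resolver returned an address for a restricted name (a finding).
check_dns_leak() (
    findings=0
    while read -r resolver || [ -n "$resolver" ]; do
        case $resolver in ''|'#'*) continue ;; esac
        while read -r name || [ -n "$name" ]; do
            case $name in ''|'#'*) continue ;; esac
            addrs=$(resolve_a "$resolver" "$name" | tr '\n' ' ')
            if [ -n "$addrs" ]; then
                echo "FINDING resolver=$resolver name=$name answer=${addrs% }"
                findings=$((findings + 1))
            else
                echo "OK      resolver=$resolver name=$name (no address returned)"
            fi
        done < "$1"
    done < "$2"
    [ "$findings" -eq 0 ]
)

# Run only when called with both files, e.g.:
#   sh check_vvoip_dns.sh internal-names.txt outside-resolvers.txt
if [ "$#" -eq 2 ]; then check_dns_leak "$1" "$2"; fi
```

Run it from a host outside the restriction zone. A clean result covers only the lookup step; the configuration review the check also calls for still has to be done.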

Documentable

False

Severity Override Guidance

Examine the configurations of the DNS server(s) serving the VVoIP system and those outside the system. Attempt to use a system-specific URL that should not be published outside the system to see if an IP address is returned.

This is a finding in the event restricted URLs are reachable from outside the restriction zone.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

594

Comments