Secure protocols must be implemented for CODEC remote control and management.

From Video Services Policy STIG

Part of RTS-VTC 3120

SV-18875r2_rule Secure protocols must be implemented for CODEC remote control and management.

Vulnerability discussion

Many VTC endpoints are remotely accessed across a network using non-secure protocols such as telnet, FTP, and HTTP. This is a confidentiality issue because these protocols do not meet DoD requirements for password encryption in transit, nor do they meet the encryption requirements for sensitive information in transit. Therefore, non-secure protocols should not be used. Some devices provide the option to select the secure versions of these protocols, such as HTTPS and SSH, for remote access. Secure protocols are required over non-secure protocols if available.

Of additional concern is that remote control/management/configuration is performed in-band. In other words, it is performed using the same Ethernet port that the VTC traffic uses. If non-secure protocols must be utilized, the VTC production and CODEC remote access traffic must be segregated on the LAN from the normal data traffic. Limiting access in this way protects the confidentiality of the remote access password and sensitive management/configuration information to the greatest extent possible. Segregation requirements are discussed later under the LAN configuration section.

Check content

Review site documentation to confirm that a policy and procedure requires secure protocols to be implemented for CODEC remote control and management. Ensure secure remote access protocols, such as HTTPS and SSH, are used for CODEC remote control, management, and configuration. If secure protocols are not implemented for CODEC remote control and management, this is a finding.

Note: During APL testing, if the device does not support encrypted management protocols or an encrypted VPN between the managing workstation and the managed device, this is a finding.

Fix text

Secure protocols must be implemented for CODEC remote control and management.

Purchase and implement VTC CODECs and other VTC devices that support encryption of “Remote Control/Management/Configuration” protocols via the use of encrypted protocols or encrypted VPN tunnels between the managing PC/workstation and the managed device.

AND

Configure VTC CODECs and other VTC devices to use encrypted “Remote Control/Management/Configuration” protocols or an encrypted VPN tunnel between the managing PC/workstation/server and the managed device.
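One way to apply the check and fix text above to a device inventory, as an added example that is not part of the STIG. The record fields, the status labels and the sample devices are constructed assumptions; REVIEW marks cases the check text leaves to the reviewer's judgment.

```python
from dataclasses import dataclass

SECURE = {"https", "ssh"}              # secure options named in the rule
NONSECURE = {"telnet", "ftp", "http"}  # non-secure protocols named in the rule

@dataclass
class Codec:                       # hypothetical inventory record
    name: str
    mgmt_protocols: set            # management protocols enabled on the device
    vpn_to_manager: bool = False   # encrypted VPN between workstation and device
    mgmt_segregated: bool = False  # VTC/management traffic segregated on the LAN

def assess(codec):
    """Return (status, notes) for one device."""
    enabled = {p.lower() for p in codec.mgmt_protocols}
    if not enabled:
        return "REVIEW", ["no management protocol recorded"]
    secure, cleartext = enabled & SECURE, enabled & NONSECURE
    notes = []
    # Secure protocols are required over non-secure ones when available.
    if cleartext and secure:
        notes.append("secure protocol available; disable "
                     + ", ".join(sorted(cleartext)))
    # Non-secure management traffic must at least be segregated on the LAN.
    if cleartext and not codec.mgmt_segregated:
        notes.append("cleartext management traffic is not segregated on the LAN")
    # Neither an encrypted protocol nor an encrypted VPN tunnel: a finding.
    if not secure and not codec.vpn_to_manager:
        return "FINDING", ["no encrypted management protocol or VPN tunnel"] + notes
    return ("REVIEW" if notes else "NOT_A_FINDING"), notes

# Constructed sample inventory (not real devices).
INVENTORY = [
    Codec("room-101", {"HTTPS", "SSH"}),
    Codec("room-102", {"telnet", "http"}),
    Codec("room-103", {"ssh", "telnet"}, mgmt_segregated=True),
    Codec("room-104", {"http"}, vpn_to_manager=True, mgmt_segregated=True),
]

def report(inventory):
    """Map each device name to its (status, notes) result."""
    return {c.name: assess(c) for c in inventory}

if __name__ == "__main__":
    for name, (status, notes) in report(INVENTORY).items():
        print(f"{name}: {status} {'; '.join(notes)}")
```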
