From Voice Video Services Policy STIG
Part of VVoIP 5420
VVoIP core system devices and Time Division Multiplexer (TDM)-based telecom switches can be and in many cases are connected to multiple management networks. Such is the case when the system is managed by local SAs and systems via the local management VLAN or dedicated OOB management network and other SAs or systems manage or monitor the system via another network such as a remote MILDEP NOC, the DSN’s ADIMSS network, the RTS EMS, or the DISN DCN. A similar situation occurs in the DRSN with the ARDIMSS network. In some cases, these networks are interconnected such that both management networks have access to the same devices via a single management port. Each of these management networks is in reality a different enclave and as such access and traffic between them must be filtered thus protecting each of the enclaves from compromise from one of the others. Enclaves are defined as a collection of computing environments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security. Based on this definition, the local LAN enclave, remote MILDEP NOC, the DSN’s ADIMSS network, the RTS EMS, and the DISN DCN are different enclaves. Therefore, minimally, a firewall is required where these enclaves meet.
Review site documentation to confirm that the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has been scanned to confirm protections in place are effective. Validate the effectiveness of the boundary protection ACLs by performing network vulnerability scans as follows: - Scan the entire DISN management network (e.g., RTS EMS, ADIMSS, ARDIMSS, or DCN) address space from an unused randomly selected IP address on the local management network. - Scan the entire local management network address space from an unused randomly selected IP address on the DISN management network. If the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has not been scanned to confirm protections in place are effective, this is a finding. If the network vulnerability scan receives a response from any host on either network, this is a finding.
Implement and document that the VVoIP system management network bidirectional enclave boundary protection between the local management network and the DISN voice services management network has been scanned to confirm protections in place are effective. Validate the effectiveness of the boundary protection on an annual basis.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer