The EBC is NOT configured to terminate and decrypt inbound and outbound AS-SIP-TLS sessions (messages) such that it can properly manage the transition of the SRTP/SRTCP streams

From Voice/Video over Internet Protocol (VVoIP) STIG

Part of Deficient EBC config: AS-SIP-TLS session term’t’n

SV-21807r1_rule The EBC is NOT configured to terminate and decrypt inbound and outbound AS-SIP-TLS sessions (messages) such that it can properly manage the transition of the SRTP/SRTCP streams

Vulnerability discussion

We previously discussed the reasons why a special firewall function is needed to protect the enclave if VVoIP is to traverse the boundary (see VVoIP 1005 (GENERAL) under VVoIP policy). This requirement addresses the function of the EBC, which manages the AS-SIP-TLS signaling messages. In order to perform its proper function at the enclave boundary, the EBC must decrypt and decode (that is, understand) the contents of AS-SIP-TLS messages. Doing so supports the requirements that follow. Additionally, the EBC can then perform message validity checks and determine whether an attack is being attempted.

NOTE: The EBC acts as an application level proxy and firewall for the signaling AS-SIP-TLS messages.

Check content

Inspect the configuration of the EBC to determine compliance with the requirement. This is a finding in the event of any of the following:

> AS-SIP-TLS messages are just passed through the EBC without termination and decryption.
> The EBC is not configured to, or is not capable of, terminating and decrypting the AS-SIP-TLS messages.
> The EBC is not configured to, or is not capable of, understanding the contents of the decrypted AS-SIP messages.
> The EBC is not configured to establish a new AS-SIP-TLS session with the far end EBC that fronts the destination LSC or MFSS.
> The EBC is not configured to establish a new AS-SIP-TLS session with the LSC inside the enclave.

Fix text

Ensure the DISN NIPRNet IPVS firewall (EBC) is configured to terminate AS-SIP-TLS sessions (messages), both inbound and outbound, and decrypt the packets to determine the information needed to properly manage the transition of SRTP/SRTCP streams across the boundary. Additionally, ensure the EBC establishes a new AS-SIP-TLS session for the “next hop” to the internal LSC or to the far end EBC that fronts the destination LSC or MFSS.
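To show what the EBC gains by terminating and decrypting the session instead of passing it through, here is an added Python example (not from the STIG or any EBC vendor) that runs basic validity checks on a decrypted AS-SIP INVITE and derives the SRTP/SRTCP pinholes from its SDP body. The sample message, the required-header set and the 70-hop Max-Forwards limit are assumptions for illustration.

```python
REQUIRED = ("Via", "From", "To", "Call-ID", "CSeq", "Max-Forwards")
# Constructed sample of a decrypted AS-SIP INVITE carrying an SDP offer (not from the STIG).
SAMPLE_INVITE = (
    "INVITE sip:4567@far.example.mil SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 10.1.1.5:5061;branch=z9hG4bK776\r\n"
    "Max-Forwards: 70\r\n"
    "From: <sip:1234@lsc.example.mil>;tag=1928301774\r\nTo: <sip:4567@far.example.mil>\r\n"
    "Call-ID: a84b4c76e66710@lsc.example.mil\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=- 1 1 IN IP4 10.1.1.20\r\ns=-\r\nc=IN IP4 10.1.1.20\r\nt=0 0\r\n"
    "m=audio 49170 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY\r\n"
    "m=video 51372 RTP/SAVP 96\r\na=rtcp:53000\r\n"
)

def parse_sip(raw):
    """Split a decrypted SIP message into start line, header dict and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return start, headers, body

def media_flows(body):
    """List the media streams the SDP offers; the EBC needs these to open SRTP/SRTCP pinholes."""
    flows, session_ip = [], None
    for line in body.splitlines():
        if line.startswith("c="):                   # c=IN IP4 <addr>, session- or media-level
            addr = line.split()[-1]
            if flows: flows[-1]["ip"] = addr
            else: session_ip = addr
        elif line.startswith("m="):                 # m=<media> <port> <profile> <fmt>...
            kind, port, profile, *_ = line[2:].split()
            flows.append({"media": kind, "ip": session_ip, "rtp": int(port),
                          "rtcp": int(port) + 1, "srtp": profile == "RTP/SAVP"})
        elif line.startswith("a=rtcp:") and flows:  # explicit RTCP port overrides rtp+1
            flows[-1]["rtcp"] = int(line[7:].split()[0])
    return flows

def inspect_message(raw):
    """Validity checks plus pinhole derivation, both only possible on the decrypted message."""
    start, headers, body = parse_sip(raw)
    problems = [f"missing header {h}" for h in REQUIRED if h not in headers]
    if not headers.get("Max-Forwards", "").isdigit() or int(headers["Max-Forwards"]) > 70:
        problems.append("bad Max-Forwards")
    flows = media_flows(body) if headers.get("Content-Type") == "application/sdp" else []
    problems += [f"{f['media']} stream offered without SRTP" for f in flows if not f["srtp"]]
    return {"start": start, "problems": problems, "flows": flows}
```

An EBC that merely passes the TLS session through sees none of this: it cannot validate the headers, cannot learn the media addresses and ports, and so cannot open or close the SRTP/SRTCP pinholes per call.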
