The Session Border Controller (SBC) must be configured to notify system administrators and ISSO when attempts to cause a denial-of-service (DoS) or other suspicious events are detected.

From Voice/Video over Internet Protocol (VVoIP) STIG

Part of VVoIP 6350

SV-21816r3_rule The Session Border Controller (SBC) must be configured to notify system administrators and ISSO when attempts to cause a denial-of-service (DoS) or other suspicious events are detected.

Vulnerability discussion

Action cannot be taken to thwart an attempted denial-of-service or compromise if the system administrators responsible for the operation of the SBC and/or the network defense operators are not alerted to the occurrence in real time.

Check content

Interview the ISSO to confirm compliance with the following requirement: Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and ISSO when the following conditions occur: - Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC. - Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS. - Excessive numbers of messages are dropped due to authentication or integrity check failures; potentially indicating an attempt to cause a DoS or an attempt to effect a man in the middle attack. If the SBC does not notify system administrators and ISSO when attempts to cause a DoS or other suspicious events are detected, this is a finding. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Fix text

Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and ISSO when the following conditions occur: - Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC. - Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS. - Excessive numbers of messages are dropped due to authentication or integrity check failures; potentially indicating an attempt to cause a DoS or an attempt to effect a man in the middle attack. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer