The Voice Video system servers must be dedicated to Voice Video applications or management.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300611

Associated with: CCI-003072

VVSP-01-000145_rule The Voice Video system servers must be dedicated to Voice Video applications or management.

Vulnerability discussion

The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface. In addition, the security architecture can include other important security-related information, for example, user roles and access privileges assigned to each role; unique security requirements; the types of information processed, stored, and transmitted by the information system; restoration priorities of information and information system services; and any other specific protection needs.

VoIP servers are mission critical to the operation of the Voice Video system. Dedicating these critical servers to their task is one of the key steps in securing the Voice Video environment. Permitting critical servers to run non-critical applications can provide a means or a path whereby the server or the critical applications can be compromised. Additionally, running non-critical applications not required for the operations or not related to the primary purpose of the server can degrade the performance of the server and thereby the reliability of the service provided. By not permitting non-critical applications to run on these servers, the server is made more secure. Therefore, the securing of these voice processing and signaling platforms, to include their installed applications, is vital in protecting the VoIP environment from malicious attack.

Check content

Review the site documentation to confirm the Voice Video system servers are dedicated to Voice Video applications or management. Confirm the servers and devices supporting the Voice Video and Unified Messaging core infrastructure do not run applications or provide management, other than what is minimally required. This includes the session manager, session border controllers, gateways, TDM telephone switches, voicemail, Unified Messaging servers, management servers, conference bridges, and other direct support servers. General-purpose applications such as browsers, word processors, etc., or other applications such as development software or special purpose applications should not be found unless directly required for operations and support. Additionally, unnecessary portions of the operating system such as sub-applications or files and routines that are not required to support the telephony system should not be found. If the Voice Video system servers are not dedicated to Voice Video applications or management, this is a finding.

Fix text

Implement Voice Video system servers to be dedicated to Voice Video applications or management. Dedicate critical servers in the Voice Video and Unified Messaging core infrastructure to only run applications required for executing the primary function of the server/device and those required for its support. Additionally, remove all unnecessary portions of the operating system such as sub-applications or files and routines that are not required to support the telephony system.
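One way to support the check content above is to compare each server's installed-software inventory with the baseline recorded in the site documentation. The following is an added example, not part of the STIG; the role name, package names, baseline patterns and the tab-separated inventory format are all assumptions constructed for illustration.

```python
"""Compare a server's software inventory with its documented role baseline."""
from fnmatch import fnmatchcase

# Hypothetical approved baseline (glob patterns) for one server role.
# A real baseline comes from the site documentation reviewed in the check.
BASELINE = {
    "session-manager": ["kernel*", "openssh-server", "chrony", "rsyslog",
                        "sipproxy*", "vv-mgmt-agent"],
}

# Constructed inventory, one "name<TAB>version" entry per line.
SAMPLE_INVENTORY = (
    "kernel-core\t5.14.0\n"
    "openssh-server\t8.7\n"
    "chrony\t4.3\n"
    "rsyslog\t8.2102\n"
    "sipproxy-core\t3.2.1\n"
    "vv-mgmt-agent\t1.0.4\n"
    "firefox\t115.0\n"
    "gcc\t11.4\n"
    "libreoffice-writer\t7.1\n"
)

def parse_inventory(text):
    """Return {package: version}, skipping blank or malformed lines."""
    pkgs = {}
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) == 2 and parts[0]:
            pkgs[parts[0]] = parts[1]
    return pkgs

def audit(role, inventory_text, baseline=BASELINE):
    """Return (unapproved packages, baseline patterns with no match)."""
    if role not in baseline:
        # A server with no documented baseline cannot be shown to be dedicated.
        raise KeyError(f"no documented baseline for role {role!r}")
    patterns = baseline[role]
    pkgs = parse_inventory(inventory_text)
    unapproved = sorted(p for p in pkgs
                        if not any(fnmatchcase(p, pat) for pat in patterns))
    missing = sorted(pat for pat in patterns
                     if not any(fnmatchcase(p, pat) for p in pkgs))
    return unapproved, missing

def is_finding(role, inventory_text, baseline=BASELINE):
    """True when software outside the documented baseline is installed."""
    unapproved, _ = audit(role, inventory_text, baseline)
    return bool(unapproved)

if __name__ == "__main__":
    extra, absent = audit("session-manager", SAMPLE_INVENTORY)
    print("Not in baseline:", extra)
    print("Baseline entries not installed:", absent)
```

Unapproved entries are candidates for removal under the fix text unless the documentation is updated to show they are directly required for operations and support.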
