The Voice Video system and LAN design must provide segmentation of the Voice Video system core device management traffic and interfaces.

From Voice Video Policy Security Technical Implementation Guide

Part of SRG-POL-300611

Associated with: CCI-003072

VVSP-01-000154_rule The Voice Video system and LAN design must provide segmentation of the Voice Video system core device management traffic and interfaces.

Vulnerability discussion

The information security architecture at the individual information system level must be consistent with and complement the more global, organization-wide information security architecture that is integral to and developed as part of the enterprise architecture. The information security architecture includes an architectural description, the placement/allocation of security functionality (including security controls), security-related information for external interfaces, information being exchanged across the interfaces, and the protection mechanisms associated with each interface.In addition, the security architecture can include other important security-related information, for example, user roles and access privileges assigned to each role; unique security requirements; the types of information processed, stored, and transmitted by the information system; restoration priorities of information and information system services; and any other specific protection needs.Unauthorized access to the management interface can lead to complete corruption of the system or device, causing the loss of availability (denial of service), integrity, and information or communications confidentiality. The management interfaces and management traffic must be protected; the most effective method is establishing a separate dedicated management network. When using in-band management, the best method is to establish a separate dedicated management VLAN on the production network. The management of Voice Video core components can be accomplished using an OOB management network or an in-band VLAN. This management access must be segregated from all other management VLANs on the network.

Check content

Review site documentation, network diagrams, and design information to confirm the Voice Video system and LAN design provide segmentation of the Voice Video system core device management traffic and interfaces. Verify the Voice Video system management is segregated or separated from production traffic and other management traffic such that access and traffic flow can be properly controlled. If the Voice Video system and LAN design do not provide segmentation of the Voice Video system core device management traffic and interfaces, this is a finding. NOTE: The Voice Video system management may be implemented as a VLAN or OOB network. This supports separation of duties between the data network and Voice Video network administrators. This VLAN may be accessed from the general LAN management VLAN via a controlled ACL, gateway, or firewall.

Fix text

Implement and document the Voice Video system and LAN design that provides segmentation of the Voice Video system core device management traffic and interfaces. The implementation may be a dedicated OOB network or a VLAN for the Voice Video system management. Ensure Voice Video system management is segregated or separated from production traffic and other management traffic such that access and traffic flow can be properly controlled and role-based access is supported. NOTE: The Voice Video system management may be implemented as a VLAN or OOB network. This supports separation of duties between the data network and Voice Video network administrators. This VLAN may be accessed from the general LAN management VLAN via a controlled ACL, gateway, or firewall.

Pro Tips

Powered by sagemincer