OpenControls Logo

STIG Viewer

The Session Border Controller (SBC) must be configured to notify system administrators and the information system security officer (ISSO) when attempts to cause a denial of service (DoS) or other suspicious events are detected.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-259936SRG-VOIP-000560SV-259936r948782_ruleCCI-001548medium
Description
Action cannot be taken to thwart an attempted DOS or compromise if the system administrators responsible for the operation of the SBC and/or the network defense operators are not alerted to the occurrence in real time.
STIGDate
Enterprise Voice, Video, and Messaging Policy Security Requirements Guide2025-05-29

Details

Check Text (C-259936r948782_chk)

Verify the DISN NIPRNet IPVS SBC is configured to notify system administrators and the ISSO when the following conditions occur: - Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC. - Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS. - Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or effect a man-in-the-middle attack. If the SBC does not notify system administrators and the ISSO when attempts to cause a DoS or other suspicious events are detected, this is a finding. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers.

Fix Text (F-63574r946728_fix)

Ensure the DISN NIPRNet IPVS SBC is configured to notify system administrators and the ISSO when the following conditions occur: - Any number of malformed SIP, AS-SIP, or SRTP/SRTCP messages are received that could indicate an attempt to compromise the SBC. - Excessive numbers of SIP or AS-SIP messages are received from any given IP address that could indicate an attempt to cause a DoS. - Excessive numbers of messages are dropped due to authentication or integrity check failures, potentially indicating an attempt to cause a DoS or an attempt to effect a man-in-the-middle attack. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from cloud service providers.