Title

The Enterprise Voice, Video, and Messaging Session Manager must be configured to require Voice Video peers to re-register (reauthenticate) at least every hour. (Cat II impact)

Discussion

Device registration is a solution enabling an organization to manage devices. It is an additional layer of authentication ensuring only specific pre-authorized devices can access the system. Registration is the process of authorizing endpoints to communicate with the session manager. Registration occurs with the SIP server in VoIP systems and with a gatekeeper in H.323 systems. Without enforcing registration, an adversary could impersonate a legitimate device on the Voice Video network.

Check Content

Verify the Enterprise Voice, Video, and Messaging Session Manager requires Voice Video peers to re-register (reauthenticate) at least every hour. If the Enterprise Voice, Video, and Messaging Session Manager does not require Voice Video peers to re-register (reauthenticate) at least every hour, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Session Manager to re-register (reauthenticate) Voice Video peers at least every hour.

Additional Identifiers

Rule ID: SV-260026r953984_rule

Vulnerability ID: V-260026

Group Title: SRG-NET-000338

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.