Title

The Enterprise Voice, Video, and Messaging Session Manager must be configured to require Voice Video Endpoints to re-register at least every three hours. (Cat II impact)

Discussion

Device registration is a solution enabling an organization to manage devices. It is an additional layer of authentication ensuring only specific pre-authorized devices can access the system. Registration is the process of authorizing endpoints to communicate with the session manager. Registration occurs with the SIP server in VoIP systems and with a gatekeeper in H.323 systems. Without enforcing registration, an adversary could impersonate a legitimate device on the Voice Video network.

Check Content

Verify the Enterprise Voice, Video, and Messaging Session Manager requires Voice Video Endpoints to re-register at least every three hours. If the Enterprise Voice, Video, and Messaging Session Manager does not require Voice Video Endpoints to re-register or does not enforce re-registration at least every three hours, this is a finding.

Fix Text

Configure the Enterprise Voice, Video, and Messaging Session Manager to re-register Voice Video Endpoints at least every three hours.

Additional Identifiers

Rule ID: SV-260025r953984_rule

Vulnerability ID: V-260025

Group Title: SRG-NET-000338

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.