Title

The Unified Communications Session Manager must be configured to require Voice Video peers to re-register (re-authenticate) at least every hour. (Cat II impact)

Discussion

Device registration is a solution enabling an organization to manage devices. It is an additional layer of authentication ensuring only specific preauthorized devices can access the system. Registration is the process of authorizing endpoints to communicate with the session manager. Registration occurs with the SIP server in VoIP systems and with a gatekeeper in H.323 systems. Without enforcing registration, an adversary could impersonate a legitimate device on the Voice Video network.

Check Content

Verify the Unified Communications Session Manager requires Voice Video peers to re-register (reauthenticate) at least every hour. If the Unified Communications Session Manager does not require Voice Video peers to re-register (reauthenticate) at least every hour, this is a finding.

Fix Text

Configure the Unified Communications Session Manager to re-register (reauthenticate) Voice Video peers at least every hour.

Additional Identifiers

Rule ID: SRG-NET-000338-VVSM-00102_rule

Vulnerability ID: SRG-NET-000338-VVSM-00102

Group Title: SRG-NET-000338-VVSM-00102

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.