Check: SRG-NET-000057-VVEP-00012
Voice Video Endpoint SRG:
SRG-NET-000057-VVEP-00012
(in versions v2 r2 through v1 r4)
Title
The hardware Voice Video Endpoint PC port must maintain VLAN separation from the voice video VLAN, or be disabled. (Cat II impact)
Discussion
Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and other special types. VLANs provide segmentation at layer 2. Virtual Routing and Forwarding (VRF) provides segmentation at layer 3, and works with Multiprotocol Label Switching (MPLS) for enterprise and WAN environments. When VRF is used without MPLS, it is referred to as VRF lite. For Voice Video systems, subnets, VLANs, and VRFs are used to separate media and signaling streams from all other traffic.
Check Content
If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable. Verify the hardware Voice Video Endpoint PC port maintains VLAN separation from the voice video VLAN or is disabled. For networks with both VoIP and videoconferencing, best practice is to have a separate voice VLAN and video VLAN. If the hardware Voice Video Endpoint PC port is disabled, this is not a finding. If the hardware Voice Video Endpoint PC port does not maintain VLAN separation from the voice video VLAN, this is a finding.
Fix Text
Configure the hardware Voice Video Endpoint PC port to maintain VLAN separation from the voice video VLAN or be disabled.
Additional Identifiers
Rule ID: SV-206752r604140_rule
Vulnerability ID: V-206752
Group Title: SRG-NET-000057
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-001424 |
The information system dynamically associates security attributes with organization-defined subjects in accordance with organization-defined security policies as information is created and combined. |