Check: SRG-NET-000053-VVEP-00009
Voice Video Endpoint SRG:
SRG-NET-000053-VVEP-00009
(in versions v2 r2 through v1 r4)
Title
The Voice Video Endpoint must limit the number of concurrent sessions to two (2) users. (Cat II impact)
Discussion
Voice video endpoint management includes the ability to control the number of user sessions and limiting the number of allowed user sessions helps limit risk related to DoS attacks. Voice video endpoint sessions occur peer-to-peer for media streams and client-server with session managers. For those endpoints that conference together multiple streams, the limit may be increased according to policy but a limit must still exist.
Check Content
Verify the Voice Video Endpoint limits the number of concurrent sessions to two users. Local policy may justify and increase the limit on concurrent user sessions to a number higher than two. If the Voice Video Endpoint does not limit the number of concurrent sessions to two users, or the limit set by local policy, this is a finding.
Fix Text
Configure the Voice Video Endpoint to limit the number of concurrent sessions to two users or the limit set by local policy.
Additional Identifiers
Rule ID: SV-206751r604140_rule
Vulnerability ID: V-206751
Group Title: SRG-NET-000053
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000054 |
The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions. |
Controls
| Number | Title |
|---|---|
| AC-10 |
Concurrent Session Control |