Check: SRG-NET-000520-VVSM-00024
Voice Video Session Management SRG:
SRG-NET-000520-VVSM-00024
(in versions v2 r2 through v1 r6)
Title
The Voice Video Session Manager must apply 802.1Q VLAN tags to signaling and media traffic or be in a private subnet. (Cat II impact)
Discussion
When network elements do not dynamically reconfigure the data security attributes as data is created and combined, the possibility exists that security attributes will not correctly reflect the data with which they are associated. For the Voice Video Session Manager, the use of 802.1q tags on media and signaling, and the use of VLANs provides this layer of security. VLANs facilitate access and traffic control for voice video system components and enhanced QoS. Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and other special types. VLANs provide segmentation at layer 2. Virtual Routing and Forwarding (VRF) provides segmentation at layer 3, and works with Multiprotocol Label Switching (MPLS) for enterprise and WAN environments. When VRF is used without MPLS, it is referred to as VRF lite. For Voice Video systems, subnets, VLANs, and VRFs are used to separate media and signaling streams from all other traffic.
Check Content
Verify the Voice Video Session Manager applies 802.1Q VLAN tags to signaling and media traffic or be in a private subnet.. If the Voice Video Session Manager does not apply 802.1Q VLAN tags to signaling and media traffic or be in a private subnet., this is a finding.
Fix Text
Configure th Voice Video Session Manager to apply 802.1Q VLAN tags to signaling and media traffic or be in a private subnet.
Additional Identifiers
Rule ID: SV-206861r508661_rule
Vulnerability ID: V-206861
Group Title: SRG-NET-000520
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-002272 |
The information system dynamically associates security attributes with organization-defined objects in accordance with organization-defined security policies as information is created and combined. |