Title

The Voice Video Session Manager must require Voice Video peers to re-register (re-authenticate) at least every hour. (Cat II impact)

Discussion

Device registration is a solution enabling an organization to manage devices. It is an additional layer of authentication ensuring only specific pre-authorized devices and trunks can access the system. Registration is the process of authorizing endpoints and trunks to communicate with the session manager. Registration occurs with the SIP server in VoIP systems and with a gatekeeper in H.323 systems. Without enforcing registration, an adversary could impersonate a legitimate device or peer on the Voice Video network.

Check Content

Verify the Voice Video Session Manager requires Voice Video peers to re-register (re-authenticate) at least every hour. If the Voice Video Session Manager does not require Voice Video peers to re-register (re-authenticate) at least every hour, this is a finding.

Fix Text

Configure the Voice Video Session Manager to re-register (re-authenticate) Voice Video peers at least every hour.

Additional Identifiers

Rule ID: SV-206845r508661_rule

Vulnerability ID: V-206845

Group Title: SRG-NET-000338

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.