Title

The Voice Video Session Manager must terminate all network connections associated with a communications session at the end of the session, or the session must be terminated after 15 minutes of inactivity. (Cat I impact)

Discussion

Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, and de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system level network connection. Voice Video Session Managers do not conduct media session; they conduct the session termination signaling. Endpoints and border elements conduct the media sessions and de-allocate those resources. However, sessions that do not receive a response from the far end may require the session manager to request termination of communication sessions.

Check Content

Verify the Voice Video Session Manager terminates all network connections associated with a communications session at the end of the session, or the session terminates after 15 minutes of inactivity. If the Voice Video Session Manager does not terminate all network connections associated with a communications session at the end of the session, this is a finding. If the Voice Video Session Manager does not terminate the session after 15 minutes of inactivity, this is a finding.

Fix Text

Configure the Voice Video Session Manager to terminate all network connections associated with a communications session at the end of the session. Alternatively, configure the Voice Video Session Manager to terminate the session after 15 minutes of inactivity.

Additional Identifiers

Rule ID: SV-206831r508661_rule

Vulnerability ID: V-206831

Group Title: SRG-NET-000213

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.