Title

The Voice Video Session Manager must use a voice or video VLAN, separate from all other VLANs. (Cat II impact)

Discussion

When network elements do not dynamically reconfigure the data security attributes as data is created and combined, the possibility exist that security attributes will not correctly reflect the data with which they are associated. For the Voice Video Session Manager, the use of 802.1q tags on media and signaling, and the use of VLANs provides this layer of security. VLANs facilitate access and traffic control for voice video system components and enhanced QoS. Virtualized networking is used to separate voice video traffic from other types of traffic, such as data, management, and other special types. VLANs provide segmentation at layer 2. Virtual Routing and Forwarding (VRF) provides segmentation at layer 3, and works with Multiprotocol Label Switching (MPLS) for enterprise and WAN environments. When VRF is used without MPLS, it is referred to as VRF lite. For Voice Video systems, subnets, VLANs, and VRFs are used to separate media and signaling streams from all other traffic.

Check Content

Verify the Voice Video Session Manager uses a voice or video VLAN separate from all other VLANs. If the Voice Video Session Manager uses a voice or video VLAN that is not separate from all other VLANs, this is a finding.

Fix Text

Configure the Voice Video Session Manager to use a voice or video VLAN, separate from all other VLANs.

Additional Identifiers

Rule ID: SV-206862r508661_rule

Vulnerability ID: V-206862

Group Title: SRG-NET-000520

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.