An error occurred:

Check: VVoIP 6320

Voice/Video over Internet Protocol (VVoIP) STIG: VVoIP 6320 (in versions v3 r15 through v3 r12)

Title

The Session Border Controller (SBC) must be configured to validate the structure and validity of SIP and AS-SIP messages, such that malformed messages or messages containing errors are dropped before action is taken on the contents. (Cat III impact)

Discussion

Malformed SIP and AS_SIP messages as well as messages containing errors could be an indication that an adversary is attempting some form of attack or denial-of-service. Such an attack is called fuzzing. Fuzzing is the deliberate sending of signaling messages that contain errors in an attempt to cause the target device to react in an inappropriate manner, such as the device could fail causing a denial-of-service or could permit traffic to pass that it would not normally permit. In some cases a target can be flooded with fuzzed messages. As such the SBC must not act on any portion of a signaling message that contains errors. It is possible that a malformed or erroneous message could be sent by the signaling partner and be properly hashed for integrity.

Check Content

Interview the ISSO to confirm compliance with the following requirement: Verify the DISN NIPRNet IPVS SBC is configured to validate the structure and validity of SIP and AS-SIP messages such that malformed messages or messages containing errors are dropped before action is taken on the contents. If the SBC does not validate the correct format of the received AS-SIP message, this is a finding. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Fix Text

Ensure the DISN NIPRNet IPVS SBC is configured to validate the structure and validity of SIP and AS-SIP messages such that malformed messages or messages containing errors are dropped before action is taken on its contents. NOTE: The VVoIP system may allow SIP and SRTP traffic encrypted and encapsulated on port 443 from Cloud Service Providers.

Additional Identifiers

Rule ID: SV-21810r3_rule

Vulnerability ID: V-19669

Group Title: VVoIP 6320

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check