Archived
TD0133: FAU_GEN.1; FIA_SIPS_EXT.1 - Auditing SIP Register Events
Publication Date
2016.12.14
Protection Profiles
CPP_ND_SBC_EP_V1.0
Other References
FAU_GEN.1; FIA_SIPS_EXT.1
Issue Description
FIA_SIPS_EXT.1 requires that all register events be logged by the SBC. Due to the fact that SBCs sit on the internet facing edge of a network, there is potential for a great amount of SIP register events. Logging of every SIP register request makes TOEs more susceptible to SIP Register Flooding, a common resource utilization attack. Resolution
Resolution: Remove the following row in Table 1: Auditable Events
Justification
An SBC should defend against common resource utilization attacks, such as SIP Register Flooding. This has been updated in EP_SBC_V1.1. |