This is yet another
function of the P-CSCF that is based on policy decisions configured by the operator.
From a security perspective, the P-CSCF is critical in preventing unauthorized access
to the network. Since the P-CSCF is the entry point into the IMS, the P-CSCF can
be used to screen access by any device. However, the P-CSCF does not enforce authentication
within the IMS. The S-CSCF is responsible for challenging devices when they
attempt to establish a session without being registered, or when they are attempting
registration.
A Policy Decision Function (PDF) can be resident in the P-CSCF and used to determine
how to react to specific scenarios. The PDF allows operators to establish rules to
be applied for access to the network. The PDF controls the Policy Enforcement Function
(PEF) in the bearer network. This allows operators to control the flow of packets at the
bearer level according to destination and origination addresses and permissions.
The P-CSCF can also check the routing to verify that the routing received in the
SIP request/response (as identified in the ROUTE header) is the same routing that
was identified when the device registered in the network. If the routing headers do not
contain an address matching the addresses saved by the P-CSCF during the registration
process, then the routing is changed by the P-CSCF in accordance with the addresses
captured in the P-CSCF.
Pages:
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58