This author has even heard from some operators that have disabled
authentication in their networks because they are afraid it will slow down the call
processing.
There have been repeated cases of VoIP breaches where hackers have compromised
media gateway controllers (MGCs) through open ports, with no authentication or challenge
from the MGC. They have then used these open ports to route their own traffic,
and have even reconfigured the MGCs to accept traffic from other networks.
Even data servers supporting commercial and public intranets have been compromised
and used for the purpose of routing VoIP calls through those networks and into
unsuspecting ???trusted??? telecommunications networks.
The fact is the telephone network was once a ???trusted??? domain (which is explained a
little further down). All of the operators connecting with one another were either from
the same big company or a government entity if outside the U.S. The privatization of
telephone companies around the world, and the divestiture of the Bell System in the
U.S., changed this forever.
When the open and free Internet is suddenly connected to the ???trusted??? networks of
telephone companies, exploitations and breaches become prolific. Without a means of
identifying those who access the network, and verifying those identities through the
exchange of some fashion of authentication keys, there is no way to stop fraudulent
traffic from rogue service providers.
Pages:
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288