Suddenly anyone can become a telephone company with a little money and licensing
from the appropriate authorities. Today there are many operators connecting into this
???trusted??? domain. While most are legitimate, there are a surprisingly large number of
fraudulent or unethical operators who cannot be trusted. While their activities may not
be illegal, they are not fair business practices, and they result in the legitimate operators
losing precious revenues.
Likewise, there are many organizations using the world??™s telephone networks for
their own gain. They accomplish this by discovering those networks that have easy
access with no authentication required. They ???hack??? into network platforms where
passwords have not been changed from their factory defaults. They explore every opportunity
to gain unauthorized access into networks and then use this access to sell
their own services.
Security Threats in an IP Domain
There are a number of security threats already established for IP networks (and well exploited).
These attacks can be prevented through the practices discussed in this chapter
and do not necessarily require huge investments to prevent. The main threats today are
?– Eavesdropping
?– Registration hijacking
?– Server impersonation
Security Procedures in the IMS 139
?– Message body tampering
?– Session tear-down
?– Denial-of-service
?– Amplification
Eavesdropping
Eavesdropping lets hackers intercept SIP messages without detection.
Pages:
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289