If a message is received by the P-CSCF that is not a REGISTER message, and it is
received on port 5060/5061, the P-CSCF discards the message. Today??™s VoIP networks
do not use security association in most cases, allowing hackers to gain access into
the various entities within the network and open these ports to accept all SIP traffic.
Security association eliminates this vulnerability.
This also prevents replay of a message. Replay is where a message is captured by
the perpetrator by eavesdropping and recreated for the perpetrator??™s own use. Usually
some parameters are altered, such as the destination address, so that the perpetrator
can gain access to operator services masquerading as a legitimate subscriber.
For example, a hacker could capture SIP INVITE or REGISTER messages and then
use these messages to obtain services for his or her own use. The hacker could change
the location address in the REGISTER message and change the destination address
in the INVITE message, immediately gaining access to services it otherwise would not
be allowed to use.
Privacy
Privacy allows subscribers to remain anonymous to various networks. While within the
home network, the network always knows the public and private identities of a subscriber
(otherwise services are not provided). But transiting networks are not typically
provided this information if privacy has been invoked.
Pages:
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309