If no
agreement exists and the other network is not a trusted domain, then measures must
be taken to ensure the IMS network is secure. This means that procedures must be put
into place to guard certain subscriber information elements from being exchanged with
non-trusted domains.
Topology hiding can be used to prevent network information that could be used to
understand the topology of the network from leaking to other networks. The I-CSCF
acts as the gateway into the network and strips any headers from outgoing SIP messages
that would contain addresses of internal IMS entities. These addresses could be
used to determine the number of S-CSCFs in the network domain, for example.
Usually this information would be found in the ROUTE and RECORD-ROUTE headers.
Collecting this information could disclose to an outside network the number of
nodes within the network domain route, network capacity (if used in conjunction with
???test??? traffic), and even S-CSCF capabilities.
Topology hiding is one means of preventing call session controller functions from
being compromised. By hiding the addresses of these entities within a network, it prevents
unauthorized personnel from learning the addresses and attempting to ???hack???
into the systems. Once compromised, incoming REGISTER messages could be redirected
to a ???phony??? registrar in another network.
Pages:
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333