IMS network security has become a fatal Achilles heels-IMS, network security – C
IMS promises to help telecom operators to achieve full IP-based network structure, but the introduction of IMS also means that carriers will face the same trouble with their ISP, this is the network security issues. The original, set thousands of pet love in a million, IMS also has soft spot!
Internet security is an eternal topic. In the past 12 years, since the International Science Foundation, the United States to hand over control of the Internet, the contest between destruction and will never stop too. Although in this contest, the champions of the Internet has accumulated a wealth of experience, but omnipresent and omnipotent nature of the Internet makes it ever-changing security issues, hard to detect.
IMS "Internet" nature IMS, a commitment to help telecom operators to achieve network-wide IP-based technology, a simple, flexible, and supports all open standards and independent of the access network is the main characteristics and advantages. Recently, IMS publicity by some equipment manufacturers were marvelous, all-powerful. Such as, IMS platform enables operators to focus on applications rather than providing access technology, IMS will help ensure that the SIP including the 3G equipment in many systems, including the availability and the IMS platform supports a variety of IP-based applications.
Equipment manufacturers may have used nothing but good news. No matter how we describe and rendering IMS, one thing is certain, that IMS is based on TCP / IP protocol, it's way through the packet switching instead of traditional circuit-switched telecommunications. So, yes, IMS will enable the introduction of telecommunications into the "class of the Internet" era, security will become the number one enemy of telecom operators.
More than the industry is based on IMS overcritical "IMS is not the Internet," the premise. Such as, IMS has a centralized architecture, intelligent core network as well as operation of the business models, which are related to the Internet has a very large difference. But back to the safety of the network operators can not avoid the issue by up, IMS than the Internet not be that good.
Internet security is due to "fool the network" due to the nature, it does not have centralized control of authentication, and more terrible by any one connected to the computer on it can use it. Therefore, the higher level of security is not on the user access to client-side and network access control authentication, but rather how to ensure that legitimate users access to the contents of the safe and reliable, this is the most critical. Once the open network, the threat may break out anytime, anywhere.
IMS involvement in DNS In fact, in essence, to achieve security is between the IMS and the public Internet, set up a wall to prevent the passage of any suspicious content. 3GPP/3GPP2 IMS security issues in the detailed definition, including the SIM application and certification procedures. But regrettably, 3GPP/3GPP2 and not how to prevent denial of service attacks against DNS for related definitions, this has left a huge IMS security risks. 3GPP/3GPP2 IMS security specifications are also in reference to the "should" guard against a false address spoofing, but does not explain "how" to guard against. In addition to security flaws, that meant the formation of the problem is that different networks or IMS IMS SIP networks and Internet users the possibility of collaborative work.
On the Internet, DNS is often targeted by hackers. This is mainly because the world of the Internet presence of a large, independent of the DNS server, whether you are to add, delete or re-configure a DNS server is a very simple matter, of course, including malicious attacks. Can be said that use of DNS technology in the development, we also installed a safe for their own trap, although the DNS technology to solve our many problems, but also very simple to use.
In the DNS system, cache poisoning is a very common phenomenon. Former usually by limiting the use of recursive DNS to carry out prevention, it is not right, because it will greatly reduce the flexibility of the entire DNS system. Another way to prevent a "fire with fire", that is the same false address to the DNS server to be under attack, "mass" request, which will be submerged malicious attacks. Consequences of doing so is clear, in the prevention of malicious attacks and also caused the collapse of the target server.
The same with the Internet, IMS through the use of DNS to achieve different languages URL links and traditional phone numbers and IP address resolution between, and IMS dependent on the DNS, compared favorably with the Internet.
Security specifications such as IMS, as described, the data packets encrypted by PCSCF required, and this behavior and malicious attacks have nothing to do. In this way, the firewall will function PCSCF entity greatly reduced. (Editor's Note: CSCF?? Session service control, is one of IMS functional entities, which includes PCSCF?? Proxy CSCF, ICSCF?? Check CSCF and SCSCF?? Services and other types of CSCF, in physics can be unity, can also be set separately.) Moreover, in order to meet the requirements of telecom applications, IMS using private DNS server, also increased the ENUM (telephone number mapping) devices. Experts believe that doing so is even more dangerous, because once the operator's DNS problems, the normal work of the entire network will be affected.
Another related issue is that SIP is the IMS network and Internet users to work the problem. IMS function SIPURL using ENUM query. But such a query can be "inside out" to, but not "from the outside to the inside." That query operators can be transmitted within the network through the Internet, they can not spread from the Internet through private telecom operators DNS, unless the operator's network and there is no firewall between the public Internet, this situation puzzling. Also, check out the very strenuous or require carriers in their network and set up a firewall between the public Internet, or IMS security model needs to be redefined. For this problem, 3GPP and the IETF has already started on the SIP standard derived in order to achieve the IMS environment to the real inter-network query SIPURL.
How to respond to intelligent terminals
Although the IMS through a rigorous structure of the central node and the integration of telecom network billing system to ensure that the IP connection in a wider range of possibilities. However, the current terminal equipment is becoming more intelligent, communication between terminal devices are becoming increasingly diverse. In the TCP / IP environment, an end
We are high quality suppliers, our products such as Diaphragm Wall Equipment manufacturer , china Mud Pump for oversee buyer. To know more, please visits drilling rigs,drilling equipment.
Processing your request, Please wait....
