Much has been written about the security of SIP- based
networks and security of Voice over IP in general, but ultimately good security
is a complete architecture, not a single product or protocol. The advent of Fixed/Mobile Convergence and IMS has created some
widely accepted standards and has equally highlighted architectural differences
in the converging networks. Whilst the overall objective of providing a flexible,
secure network and secure services
is common, the implementation details differ from network to network.
Even within the standards themselves there is sometimes an assumption of trust which
may not in reality exist. For example, the IMS definition within TISPAN assumes
that the signalling elements are able to handle excessive signalling rates and badly
formed signalling messages. In reality these elements are designed to process sessions,
handling attacks at the same time may not be the best use of the equipment. In a
data-centric network we would expect
to see servers ringed by Firewalls and Intrusion Detection and Prevention systems,
so why would we build a media-centric network
any other way?