We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

VoIP security alliance formed

Security and telecom companies band together to promote security awareness for internet telephony

Leading computer security and telecommunications companies said today that they are joining forces to raise awareness of threats to VoIP (voice over internet protocol) technology.

The VoIP Security Alliance will disseminate knowledge of internet telephony security risks through discussion lists, white papers and research projects.

The group hopes to spur adoption of VoIP by promoting best practices for companies that adopt VoIP, and by warning organisations of threats, including spam and denial-of-service (DOS) attacks.

The new group is the first cross-industry association that is focused on VoIP security. It includes major players in the market, such as Alcatel and Avaya, VoIP newcomer Comcast, security technology vendors Qualsys and Symantec, and TippingPoint.

One goal of the group is to clear up misconceptions about the technology, which allows voice conversations to be transmitted over the internet. One misconception the group will try to dispel is that deploying VoIP is the same as deploying traditional data networks.

"There's this idea that you don't need to do anything different after you install VoIP applications," says Dave Endler, director of digital vaccine at TippingPoint.

However, internet telephony introduces new requirements for IP networks, including a higher premium on quality of service so that voice conversations are intelligible, and on the privacy of voice data sent over the network.

Deploying VoIP also raises the stakes for network outages, including DOS attacks, because organisations lose voice as well as network services in such attacks, Endler says.

"Imagine not being able to dial 911, or imagine a 911 call centre [that uses VoIP] inundated with VoIP spam," Endler says.

The group will research and distribute information on internet telephony vulnerabilities and promote VoIP security tools.

For example, the VoIP Security Alliance is backing research into special security tools, including a "fuzzer" for SIP (session initiation protocol), a VoIP communications protocol. The tool will be able to test SIP for weaknesses and vulnerabilities that could lead to attacks.

The group will also promote best practices for deploying VoIP, such as configuring gear and separating voice data from other data on so-called converged networks, he says.

Membership in the VoIP Security Alliance is dominated by companies, but is open to individual researchers and university research groups, as well as to internet telephony enthusiasts who are experts in the technology.

While many leading VoIP-oriented companies have already joined, some major players in the space, including Juniper Networks and network gear maker Cisco Systems, are not listed as members.

But Endler says the group can succeed even without the backing of major technology vendors by becoming a reliable source of information and advice on internet telephony security issues.

He likens the group to the Open Web Application Security Project, a volunteer group that produces tools, documentation and standards for web application security.

Individuals interested in joining the VoIP Security Alliance or subscribing to a VoIP security discussion list can visit the group's website.

For more information, our sister site Techworld has a comprehensive VoIP resource page.

IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite