Companies form security alliance for VOIP

Free Newsletters

Log-in | Register

Companies form security alliance for VOIP Group aims to promote best practices, spur VOIP adoption
By Paul Roberts, IDG News Service February 07, 2005			E-mail Printer Friendly Reprints Slashdot It!

Leading computer security and telecommunications companies said they are joining forces to raise awareness of threats to VOIP (voice over Internet Protocol) technology.

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Microsoft

The VOIP Security Alliance will disseminate knowledge of VOIP security risks through discussion lists, white papers and research projects. The group hopes to spur adoption of VOIP by promoting best practices for companies that adopt VOIP, and by warning organizations of threats to VOIP, including spam and denial of service (DOS) attacks, according to Dave Endler, director of digital vaccine at TippingPoint, a division of 3Com.

The new group is the first cross-industry association that is focused on VOIP security. It includes players in the VOIP market, such as Avaya and Alcatel, VOIP newcomer Comcast, security technology vendors Symantec and Qualys, as well as TippingPoint.

One goal of the group is clear up misconceptions about the technology, which allows voice conversations to be transmitted over the Internet. One misconception the group will try to dispel is that deploying VOIP is the same as deploying traditional data networks, Endler said.

"There's this idea that you don't need to do anything different after you install VOIP applications," he said.

However, VOIP introduces new requirements for IP networks, including a higher premium on quality of service so that voice conversations are intelligible, and on the privacy of voice data sent over the network, Endler said.

Deploying VOIP also raises the stakes for network outages, including DOS attacks, because organizations lose voice as well as network services in such attacks, he said.

"Imagine not being able to dial 911 -- or imagine a 911 call center (that uses VOIP) inundated with VOIP spam," Endler said.

The group will research and distribute information on VOIP vulnerabilities and promote VOIP security tools.

For example, the VOIP Security Alliance is backing research into VOIP security tools, including a "fuzzer" for SIP (Session Initiation Protocol), a VOIP communications protocol. The tool will be able to test SIP for weaknesses and vulnerabilities that could lead to attacks, Endler said.

The group will also promote best practices for deploying VOIP, such as configuring VOIP gear and separating voice data from other data on so-called "converged networks," he said.

Membership to the VOIP Security Alliance is dominated by companies, but is open to individual researchers and university research groups, as well as VOIP enthusiasts who are experts in the technology, Endler said.

While many leading VOIP players have already joined, some major players in the space, including network gear maker Cisco Systems Inc. and Juniper Networks Inc., are not listed as members.

But Endler says the group can succeed even without the backing of major technology vendors by becoming a reliable source of information and advice on VOIP security issues. He likened the group to the Open Web Application Security Project, a volunteer group that produces tools, documentation and standards for Web application security.

Individuals interested in joining the VOIP Security Alliance or subscribing to a VOIP security discussion list can visit the group's Web site: http://www.VOIPsa.org.

E-mail

Printer Friendly

Reprints

Slashdot It!

TOP NEWS:

» Troubleshooting tool for Java offered
Sun's Java VisualVM open-source technology views apps while they run on a JVM and is billed as all-in-one solution

» Python backing eyed for NetBeans
Scripting language capabilities of the open-source IDE continue to expand

» Microsoft sets Windows XP SP3 automatic download for Thursday
The latest service pack for Windows XP will be pushed to Automatic Update at 7a.m. EDT on July 10

» Real Software, Veryant bolster dev tools
RealBasic, Cobol apps platforms get improvements

» Microsoft sets hosted-services pricing, irks partners
By offering 38 percent discount to customers who buy entire hosted business productivity suite, Microsoft undercuts partners selling similar services

» Adobe readying new mashup tool for business users
Mashup interface code-named 'Genesis' will open up desktop 'workspace' combining business application data, documents, analytics, and instant messaging

Develop an integrated management and security strategy
Watch this Webcast and discover a scalable mobile software platform that combines mobile device management, enterprise-to-edge security, email/messaging, and back-office application extension capabilities, to empower employees to do their work anywhere, anytime, on any device. Sponsor: Sybase iAnywhere

» Click here to view this Webcast

The Silver Lining: Cloud Computing
This IT Strategy Guide digs deep into cloud computing helping put you ahead of the curve on this hot topic. It explores the differences between cloud computing, grid computing and utility computing and then helps you see where and how each applies to your business. Sponsored by Box.net

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Disaster Recovery in Minutes - This paper describes a complete disk-based system recovery solution for Microsoft Windows based servers, desktops, and laptops...
Protecting Microsoft(R) Applications - Microsoft Exchange, SQL, Active Directory, and SharePoint have quickly risen to mission-critical status in many companies...
Reduce Recovery Times and Tape Costs - Today's enterprises face a data protection challenge: how to optimize the backup and recovery of business-critical data ...
Secure, recover, and archive critical information - Today's businesses must keep their infrastructures up and running 24x7. That means that the physical systems, the operating...
Consolidating Workloads onto Mainframes - The flexibility, efficiency, and reduced cost of ownership virtualization provides makes it extremely compelling to large...
Transformational Analytics: Virtualizing IT Environments - The overwhelming complexity of the modern data center compounds the problem of how to safely virtualize IT environments....

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security HP/Intel - If you don't have enough I/O, your VMs aren't going to go. Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. AT&T - Factors to consider when comparing DSL or Cable Cirba - Advanced Workload Analysis Techniques Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity AT&T - Thinking about IMS CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event AT&T - Going mobile with today's technology Cirba - Consolidating Workloads onto Mainframes AT&T - What to expect from a Technology Assessment.		AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist