TippingPoint has established a VOIP Security Alliance in conjunction with VoIP vendors, providers, security researchers, and thought leaders to discover and reduce VoIP security risks.

Some of the charter members include 3Com, Alcatel, Avaya, Codenomicon, Columbia University, Ernst & Young’s Guiliani Advanced Security Center, Insightix, NetCentrex, Qualys, SecureLogix, Siemens, Sourcefire, Southern Methodist University, Spirent, Symantec, the SANS Institute and Tenable Network Security.

“Despite the advantages of VoIP, if the technology is not implemented properly and securely, we will likely circumvent existing security controls and expose our networks,” said Brian Kelly, director of Giuliani Advanced Security Center at Ernst & Young. “This alliance is an important initiative to help us leverage the technology while understanding and managing the risks.”

The growing convergence of voice and data networks only serves to exacerbate and magnify the security risks of today’s traditional prevalent cyber attacks. Successful attacks against a combined voice and data network can cripple an enterprise, halt communications required for productivity, and result in irate customers and lost revenue. As VoIP deployments become more widespread, the technology becomes a more attractive target for hackers, increasing the potential for harm from cyber attacks. The emergence of VoIP application-level attacks will likely occur as attackers become more familiar with the technology through exposure and easy access.

Joseph Curcio, vice president of security technology development at Avaya, said, “Once the decision is made to put VoIP at the heart of their business, companies need to address security holistically — at the applications, systems and services layers. Avaya believes the VoIP Security Alliance will enable businesses to experience the benefits of IP, while ensuring network security and preserving business continuity.”

The VoIP Security Alliance (VOIPSA) aims to help organizations understand and avoid VoIP security risks through discussion lists, white papers, sponsorship of VoIP security research projects, and the development of tools and methodologies for public use. VOIPSA is the first and only group solely and holistically dedicated to VoIP security backed by a wide spectrum of organizations represented by universities, security researchers, VoIP vendors, and VoIP providers. With VOIPSA collaboration, TippingPoint hopes to use and improve a VoIP security testing tool it developed to find and research VoIP vulnerabilities.

“VoIP is starting to gain momentum in the market, but proactively addressing security concerns will help drive widespread adoption,” said Gerhard Eschelbeck, VP of Engineering and CTO of Qualys. “Qualys is excited to participate in an industry-wide effort to continue this work and develop solutions to meet the security requirements of VoIP.”

webproworld | Breaking eBusiness News
Your source for investigative ebusiness reporting and breaking news.