A group of vendors and security researchers has launched an alliance for VoIP (Voice over Internet Protocol) security awareness, research and testing.
The VoIP Security Alliance (VOIPSA) aims to raise awareness of the security risks around the emerging technology through research, whitepapers, discussion mailing lists, and development of open-source tools.
Tipping Point, a division of 3Com, spearheaded the alliance to meet industry need for a central VoIP security resource, said David Endler, the company’s director of digital vaccine.
Alliance members include Alcatel, Enterasys, the SANS Institute, Southern Methodist University, and Symantec.
Currently, the threats to a VoIP infrastructure are the same as those to a traditional data network, Endler said. But as the technology becomes rolled out on a large scale, VoIP-specific threats will emerge as attackers become more savvy to the technology, he added.
For example, VoIP provides functionality for redirecting calls if someone is away from the office. If not configured correctly, a company’s competitor could redirect calls to their own phone bank and steal business, Endler said.
Also, a traditional data network under a denial-of-service attack may result in slower web surfing, but a DoS attack on a VoIP system could mean a 911 call does not get through, he said.
“VoIP has a great value proposition, but without meeting those requirements for quality of service, reliability and privacy, it will fail. In order for it to thrive, it needs to be secured,” Endler said.