VoIP Players Form Security Alliance

VoIP Players Form Security Alliance

Photo of author
Written By Eric Sandler

By Colin C. Haley

February 7, 2005

UPDATED: Nearly two-dozen Voice over IP industry players have formed a new group to ensure that VoIP security keeps pace with adoption.

Spearheaded by 3Com’s TippingPoint intrusion prevention unit, the VoIP Security Alliance (VOIPSA) will run discussion lists, publish white papers and sponsor research.

Other VOIPSA members include network gear maker Alcatel, communications software developer Avaya, Columbia University and security software vendor Symantec.

“We’ve been recruiting members for the past couple of months,” Laura Craddick, a TippingPoint spokeswoman, told internetnews.com. “In about a week we’ll hold a conference call to discuss future projects.”

Membership is free and still open. Craddick hopes the official launch will attract new members. VOIPSA still has pitches out to Cisco and Nortel, two of the bigger names in VoIP equipment, she said.

VoIP is becoming increasingly popular in enterprises, with converts like Bank of America and Ford. In addition to long-distance savings, companies moving to IP expect to cut maintenance costs, because they have only one network to manage.

IP telephony also makes handling employee moves more efficient; businesses can scale up or down without calling vendors. That cost could be significant in large companies.

On the consumer side, the number of U.S. households using VoIP will jump from 400,000 to 12 million over the next five years, according to new report from JupiterResearch, which is owned by the same parent company as this site.

VoIP is being heavily marketed by cable companies, telecoms and independent VoIP specialists.

But some security experts are concerned VoIP networks could be vulnerable to Denial-of-Service attacks and even a distant risk of spam.

“The same threats on a data network are also inherent in a VoIP deployment,” Craddick said. “Then there are additional risks in VoIP protocols.”

For example, security organizations have previously flagged vulnerabilities in Session Initiation Protoco and the H.323 networking protocol.

An earlier version of this story misidentified TippingPoint’s specialty. It is an intrusion prevention company.


Leave a Comment