Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VOIP Security Group Urged On

A newly formed industry group is being pressued to help users deal with the impact of voice over IP (VOIP) security threats on their back-end systems.

The fledgling VOIP Security Alliance (VOIPSA) has been asked to beef up its approach to VOIP threats by issuing security standards for VOIP equipment (see Info-Tech Pinpoints VOIP Gaps).

VOIP networks, in contrast with the analog telecom networks that preceded them, rely heavily on back-end data center gear. That makes them potential conduits of data center trouble. If you’re putting an inherently insecure network onto your data network, you are exposing your entire infrastructure to risk,” says Carmi Levy, analyst at Info-Tech Research Group.

Levy is urging VOIPSA to start certifying both VOIP handsets and back-end systems to prove they are as secure as traditional telephone networks. Until this is done, he warns, users risk having their calls hijacked or eavesdropped, or having their voicemail compromised.

But expectations of quick progress by VOIPSA could be disappointed. David Endler, director of security research at TippingPoint Technologies Inc. and VOIPSA chairman, says that it is still early days for the organization. And despite Levy's urging, Endler can't say whether VOIPSA will deliver its own certification. “It’s not something that we have either ruled out or committed to,” he says. “The technical advisory board will continue to weigh that."

  • 1