Network Computing is part of the Informa Tech Division of Informa PLC
Security Group Takes First Major Step Against VoIP Dangers
The Voice over IP Security Alliance (VoIPSA) today announced its much anticipated VoIP Security Threat Taxonomy, a classification and description of the types of security threats that affect IP telephony.
Identified as the alliance's first major task when VoIPSA was formed last February, alliance secretary and taxonomy project head Jonathan Zar, who is also SonicWALL Senior Director, say that the taxonomy is the first step in dealing with VoIP security. "When we were asked by the press and the regulatory community about threats, we weren't always talking about the same thing," he says. "Everyone was talking about their part of the elephant."
By defining the kinds and nature of threats, Zar says VoIPSA hopes to give the Internet voice industry a common reference point to deal systematically with VoIP security issues. "Many vendors said they could solve the problem themselves, but by going to the taxonomy, it became clear that there would still be gaps," he says. "For example, voice spam was perceived as a big deal at the beginning, but it became clear early on that deceptive practices would be a bigger threat,"
Indeed, the threat taxonomy is a necessary precondition for VoIP to fulfill the other projects in its mandate. Zar points out that it makes little sense to develop security requirements and best practices or pursue security research "unless you know what you're up against."
The VoIP Security Threat Taxonomy is organized into four broad phyla. Two --denial of service and unlawful signal or traffic modification -- deal essentially with the integrity of the network signal and infrastructure. Signal interception and bypass of refused consent, on the other hand, categorize threats specific to VoIP and deal specifically with privacy. "Privacy is not a wishy-washy abstraction, it's a concrete idea," Zar says. "So we defined privacy first, and then we defined the expectations for privacy within the community and defined security as a way to ensure that."
Recommended For You
Developing and managing a network budget is hard work for network professionals, who often get hit with new projects that they know nothing about. Is there a better way to manage network spending?
Making the jump from outdated legacy technology to a more modern digital infrastructure will allow businesses to innovate at the speed and scale needed in today’s marketplace.
The business world is speeding up. The longer IT leaders wait to get their needs met, the more at risk their businesses and their jobs will be.