Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VoIP Security Chief Warns of "Life And Death" Security Threats

David Endler, elected last month to head the first industry-wide organization devoted to promoting VoIP security, the Voice Over IP Security Alliance (VOIPSA), assumes the chairmanship of at a critical juncture. Voice over IP (VoIP) is taking off like a rocket. Once a distant promise, the consensus among industry watchers is that, in the plain words of In-Stat's Sam Lucero, VoIP "is the future of voice communications."

That future is now, according to VOIPSA, and along with it has come the inevitable and omnipresent security threats. "As VoIP increases in popularity and number of deployments, so will its attractiveness to potential attackers who now have a more accessible playground to poke at this new technology," Endler observes.

And he should know. Endler is the director of TippingPoint Technologies' Digital Vaccine security research division. Prior to that, he led the research division of iDEFENSE. In terms of security, Endler has seen it all -- and he sees trouble coming for VoIP users who don't take network security issues to heart.

"VoIP networks inherit most of the same security threats that traditional data networks are plagued with today," he notes. "However, by adding new VoIP components to an existing data infrastructure, new security requirements are also added: quality of service, reliability, and privacy. We can expect to see over the next year or two VoIP specific attack emerge that go beyond today's more prevalent data network vulnerabilities, but try to exploit the VoIP applications themselves."

In addition to the expected data network threats, Endler points out that security vulnerabilities have also been discovered in the H.323 and session initiation protocols themselves.

  • 1