[February 8, 2005]

VOIPSA: VoIP Security Alliance Formed

BY JOHANNE TORRES

As VoIP security risks grow, industry leaders are looking into new ways of stopping the threat from hindering the technology’s worldwide adoption. This week, a new VoIP Security Alliance (VOIPSA) was launched with open membership for leading VoIP vendors, providers, security researchers, and other industry players in order to discover and reduce VoIP security risks. Some of the charter members for VOIPSA include 3Com, Alcatel, Avaya, Codenomicon, Columbia University, Ernst and Young’s Guiliani Advanced Security Center, Insightix, NetCentrex, Qualys, SecureLogix, Siemens, Sourcefire, Southern Methodist University, Spirent, Symantec, the SANS Institute, Tenable Network Security, and TippingPoint. A complete list of members can be accessed at the organization’s Web site.

"Despite the advantages of VoIP, if the technology is not implemented properly and securely, we will likely circumvent existing security controls and expose our networks," said Brian Kelly, director of Giuliani Advanced Security Center at Ernst & Young. "This alliance is an important initiative to help us leverage the technology while understanding and managing the risks."

Joseph Curcio, vice president of security technology development at Avaya, said, "Once the decision is made to put VoIP at the heart of their business, companies need to address security holistically  – at the applications, systems and services layers.  Avaya believes the VoIP Security Alliance will enable businesses to experience the benefits of IP, while ensuring network security and preserving business continuity."

According to VOIPSA, the association aims to help organizations understand and avoid VoIP security risks through discussion lists, white papers, sponsorship of VoIP security research projects, and the development of tools and methodologies for public use. VOIPSA will be dedicated to VoIP security backed by a wide spectrum of organizations represented by universities, security researchers, VoIP vendors, and VoIP providers.

"VoIP is starting to gain momentum in the market, but proactively addressing security concerns will help drive widespread adoption," said Gerhard Eschelbeck, VP of Engineering and CTO of Qualys. "Qualys is excited to participate in an industry-wide effort to continue this work and develop solutions to meet the security requirements of VoIP."

"Last year, TippingPoint announced the formation of a VoIP Security Research Lab to discover and analyze VoIP threats," said TippingPoint’s Chief Technology and Strategy Officer Marc Willebeek-LeMair. "VOIPSA is the culmination of our efforts to work alongside VoIP leaders to analyze weaknesses in VoIP architectures and discover new vulnerabilities through functional protocol testing. VOIPSA’s research will facilitate better education for the industry and help reduce the risk of threats."

TippingPoint is providing an administrative service in forming VOIPSA, recruiting members and facilitating VOIPSA meetings. TippingPoint is also contributing a VoIP security testing tool it developed to find and research VoIP vulnerabilities in hopes it can be enhanced and further developed through VOIPSA.

VoIP Security Alliance (VOIPSA)
www.voipsa.org