Say hello to the Voice over IP Security Alliance

In early February 2005, a nascent organization to promote VoIP security research and testing began to take shape at a meeting in Austin, TX. Initial participants in the group, which formed to "discover and reduce VoIP security risks," include many key vendors, service providers, various security interests, and academic institutions. Among them you'll find Alcatel, Avaya, Codenomicon, Columbia University, Ernst and Young's Giuliani Advanced Security Center, Insightix, NetCentrex, Qualys, SecureLogix, Siemens, Sourcefire, Southern Methodist University, Spirent, Symantec, the SANS Institute, Tenable Network Security, and TippingPoint.

By March 28, the organization, which calls itself the Voice over IP Security Alliance (VOIPSA), had elected a board of directors, announced two very interesting kick-off projects, and issued a call for additional participation from interested parties. At the same time, it reported that membership of its technical board of advisors had doubled to include more than 50 organizations. Its latest list of new members at that point included: Acme Packet; Agilent Technologies; Arbor Networks; Bell Canada; BorderWare Technologies; Cox Communications; Extreme Networks; Foundstone Professional Services, a division of McAfee, Inc.; InfraVAST; MCI; Miercom; Mitel; PricewaterhouseCoopers; Samsung Telecommunications America; SonicWALL; Sprint; Telcordia; and VeriSign (for the full slate of directors and a complete list of members, see the site's Leadership page).

The board includes David Endler of TippingPoint (Chairman), Jonathan Zar of SonicWALL (Secretary), Andrew Graydon of BorderWare (Chair, Security Requirements Committee), Ofir Arkin of Insightix (Chair, Security Research Committee), and Brian Tolly of Spirent Communications (Chair, Testing Committee), so the leadership is well-stocked with security experts. The group's kick-off projects also promise some interesting research and results:

  • Threat Taxonomy: In biology, a taxonomy is something like a family tree of known species, organized into various branches and sub-branches. VOIPSA's threat taxonomy will provide a glossary of terms organized into a structure that describes security threats and establishes a common lexicon for VOIPSA members to use. Since arguing over terms is a time-honored (and time-consuming) tradition, getting this stuff straight (and keeping it that way) is a smart move.
  • Security Requirements: This will involve development of user profiles and related security requirements to provide input on projects at VOIPSA related to best practices, testing, and communications with the outside world, divided up into the press, industry, and the general public.

Additional committees are forming to get projects going in community outreach, security requirements, security research, best practices, and testing.

As with other forms of information security, establishing ground rules, developing basic terminology and concepts, and deciding how and what to communicate to the world are all extremely important. I'm glad to see the organization off to a strong start, and planning to develop research materials and reports that will hopefully be illuminating, informative, and educational. It'll be interesting to watch and see what happens!

Ed Tittel is a regular contributor to numerous TechTarget Web sites, and the author of over 100 books on a wide range of computing subjects from markup languages to information security. He's also a contributing editor for Certification Magazine, and edits Que Publishing's Exam Cram 2 and Training Guide series of cert prep books. E-mail Ed at etittel@techtarget.com.

This was first published in April 2005
