VoIP Security Alliance Delivers VoIP Security Framework

The Voice over IP Security Alliance (VOIPSA) has released the first comprehensive description of security and threats in the field of Voice over IP. The results, known as the VoIP Security Threat Taxonomy, provide the industry with a clear view of VoIP threats, the vulnerabilities and a context for balancing trade-offs.

“The importance of this accomplishment is that it gives a foundation to all future discussions on VoIP security that are both technically and socially informed. Until now, the public has been uncertain about the various threats, how risks related to each other and technical trade-offs. This is fundamental to all future work in the field.” said Jonathan Zar, Secretary and Outreach Chair for VOIPSA, head of the taxonomy project and Senior Director for SonicWALL.

The project, launched in late March, is the first completed project of VOIPSA, an organization formed in February with the purpose of improving the public awareness of issues and best practices for securing Voice over IP. VOIPSA invites participation in the new project in the form of comments, feedback and discussion. Live portions of the VoIP Security Threat Taxonomy are now available for discussion by registering through links posted at: http://www.voipsa.org/Activities/

Major elements of the work include the following:

• Core definitions that give specific meaning to privacy and security
• A framework that effectively connects public policy and technology issues
• Recognition of the human element in threats as distinct from their technical means
• Specific sets of issues for consideration by legislative bodies and by law enforcement
• A detailed structure for technical vulnerabilities across the value chain

“While technical work on the taxonomy will continue, the results published today provide an effective framework with which to inform the press, the policy community and other projects within VOIPSA including: User Requirements, Best Practices and Testing,” added Mr. Zar.

David Endler, Chairman of VOIPSA and Director of Security Research for 3Com’s TippingPoint division, said “Since VOIPSA’s launch earlier this year, we’ve come a long way in gaining support throughout the VoIP and security industries. This first project puts security in context, and gives unique clarity to the challenges ahead. The Taxonomy Project is a significant accomplishment and will help shape the future work of VOIPSA and the industry. We expect to deliver the results of our next project, a list of security requirements, by the end of the year.”

VOIPSA membership now exceeds over 100 distinct organisational entities: global companies and institutions that represent the entire value chain for VoIP. These include major carriers, software companies, equipment vendors, large users and system integrators. New members include: Juniper, Nokia, Deloitte & Touche and BearingPoint to name a few.