Group Announces VoIP Security Taxonomy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure

Group Announces VoIP Security Taxonomy

By defining the kinds and nature of threats, the organization hopes to provide a common reference point to deal systematically with VoIP security issues.

The Voice over IP Security Alliance (VoIPSA) today announced its much anticipated VoIP Security Threat Taxonomy, a classification and description of the types of security threats that affect IP telephony.

Identified as the alliance's first major task when VoIPSA was formed last February, alliance secretary and taxonomy project head Jonathan Zar, who is also SonicWALL Senior Director, say that the taxonomy is the first step in dealing with VoIP security. "When we were asked by the press and the regulatory community about threats, we weren't always talking about the same thing," he says. "Everyone was talking about their part of the elephant."

By defining the kinds and nature of threats, Zar says VoIPSA hopes to give the Internet voice industry a common reference point to deal systematically with VoIP security issues. "Many vendors said they could solve the problem themselves, but by going to the taxonomy, it became clear that there would still be gaps," he says. "For example, voice spam was perceived as a big deal at the beginning, but it became clear early on that deceptive practices would be a bigger threat,"

Indeed, the threat taxonomy is a necessary precondition for VoIP to fulfill the other projects in its mandate. Zar points out that it makes little sense to develop security requirements and best practices or pursue security research "unless you know what you're up against."

The VoIP Security Threat Taxonomy is organized into four broad phyla. Two --denial of service and unlawful signal or traffic modification -- deal essentially with the integrity of the network signal and infrastructure. Signal interception and bypass of refused consent, on the other hand, categorize threats specific to VoIP and deal specifically with privacy. "Privacy is not a wishy-washy abstraction, it's a concrete idea," Zar says. "So we defined privacy first, and then we defined the expectations for privacy within the community and defined security as a way to ensure that."

According to Zar, responding to VoIP security threats and, consequently, the taxonomy upon which such a response will be based, is essential for the widespread adoption of IP telephony technologies. With VoIP adoption progressing rapidly, he says that, unless security is addressed now, "there will be problems." The key, Zar says, is to have security requirements and best practices in place before VoIP becomes as ubiquitous as traditional telephone service.

"There will be concern about security, of course, but we have created the conditions to develop solutions for these problems ahead of the curve," he says. "We expect some latency, as there always is with security technologies, but we expect the folks in the regulators community and in larger and midsized companies to act more quickly."

Though Zar says the taxonomy will probably undergo considerable elaboration and revision as VoIP security technologies and practices develop, he says that it represents a major milestone in IP telephony. Now, the alliance can get down to its other work. "This is a significant accomplishment of only one of the goals we set for ourselves, which is foundational," Zar says. "But we've also spoken to multiple communities about this -- not just the technical community, but the policy community as well."

Indeed, VoIPSA's membership has swelled considerably in the last eight months. Since it was founded last winter, the alliance has grown to over one hundred member organizations, including virtually all of the major VoIP equipment vendors and many of the service providers, "Pretty much anybody who is anybody in VoIP is a member," Zar says.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Gartner Forecast Sees 7.3% Shrinkage in IT Spending for 2020
Joao-Pierre S. Ruth, Senior Writer,  7/15/2020
Slideshows
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
Commentary
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
White Papers
Register for InformationWeek Newsletters
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll