Group Announces VoIP Security Taxonomy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Group Announces VoIP Security Taxonomy

By defining the kinds and nature of threats, the organization hopes to provide a common reference point to deal systematically with VoIP security issues.

The Voice over IP Security Alliance (VoIPSA) today announced its much anticipated VoIP Security Threat Taxonomy, a classification and description of the types of security threats that affect IP telephony.

Identified as the alliance's first major task when VoIPSA was formed last February, alliance secretary and taxonomy project head Jonathan Zar, who is also SonicWALL Senior Director, say that the taxonomy is the first step in dealing with VoIP security. "When we were asked by the press and the regulatory community about threats, we weren't always talking about the same thing," he says. "Everyone was talking about their part of the elephant."

By defining the kinds and nature of threats, Zar says VoIPSA hopes to give the Internet voice industry a common reference point to deal systematically with VoIP security issues. "Many vendors said they could solve the problem themselves, but by going to the taxonomy, it became clear that there would still be gaps," he says. "For example, voice spam was perceived as a big deal at the beginning, but it became clear early on that deceptive practices would be a bigger threat,"

Indeed, the threat taxonomy is a necessary precondition for VoIP to fulfill the other projects in its mandate. Zar points out that it makes little sense to develop security requirements and best practices or pursue security research "unless you know what you're up against."

The VoIP Security Threat Taxonomy is organized into four broad phyla. Two --denial of service and unlawful signal or traffic modification -- deal essentially with the integrity of the network signal and infrastructure. Signal interception and bypass of refused consent, on the other hand, categorize threats specific to VoIP and deal specifically with privacy. "Privacy is not a wishy-washy abstraction, it's a concrete idea," Zar says. "So we defined privacy first, and then we defined the expectations for privacy within the community and defined security as a way to ensure that."

According to Zar, responding to VoIP security threats and, consequently, the taxonomy upon which such a response will be based, is essential for the widespread adoption of IP telephony technologies. With VoIP adoption progressing rapidly, he says that, unless security is addressed now, "there will be problems." The key, Zar says, is to have security requirements and best practices in place before VoIP becomes as ubiquitous as traditional telephone service.

"There will be concern about security, of course, but we have created the conditions to develop solutions for these problems ahead of the curve," he says. "We expect some latency, as there always is with security technologies, but we expect the folks in the regulators community and in larger and midsized companies to act more quickly."

Though Zar says the taxonomy will probably undergo considerable elaboration and revision as VoIP security technologies and practices develop, he says that it represents a major milestone in IP telephony. Now, the alliance can get down to its other work. "This is a significant accomplishment of only one of the goals we set for ourselves, which is foundational," Zar says. "But we've also spoken to multiple communities about this -- not just the technical community, but the policy community as well."

Indeed, VoIPSA's membership has swelled considerably in the last eight months. Since it was founded last winter, the alliance has grown to over one hundred member organizations, including virtually all of the major VoIP equipment vendors and many of the service providers, "Pretty much anybody who is anybody in VoIP is a member," Zar says.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll