Alliance Tackles VoIP Security Threats

The VoIP Security Alliance (VoIPSA), spearheaded by 3Com's recently acquired TippingPoint division, launched with more than 20 charter members, including Avaya, Qwest, Siemens, Symantec and the SANS Institute.

"Now most of the security threats to VoIP are the same that face data networks. Attackers haven't taken the time to develop VoIP-specific hacker tools yet, but that will change," said David Endler, chairman of VoIPSA and director of Digital Vaccine at TippingPoint, Austin, Texas.

Attacks that create annoyance for data network users could be more severe for VoIP users, Endler said.

"If you experience a denial of service attack as a data user, maybe your Web browser is slow, but for a VoIP-enabled call center, maybe it means a 911 [emergency] call doesn't come in or out," he said.

For now, customers are more focused on VoIP technologies rather than the security concerns that could accompany them, said Peter Busam, vice president and COO of solution provider Decisive Business Systems, Pennsauken, N.J.

"VoIP security is a real issue, but it may not be a real problem at this point," Busam said. Hopefully the new alliance can anticipate attacks before the hackers come up with them, he said.

Security threats to VoIP systems could become more common as the technology gains acceptance, Endler said.

The group, scheduled to hold its first meeting on Feb. 21 via teleconference, plans to outline and identify threats to VoIP security, craft best practices and develop and test free security tools, Endler said.

Endler said other vendors are likely to join the alliance soon. Noticeably absent from the initial list of vendors is Cisco Systems, one of the leading VoIP vendors. Cisco was invited to join the organization and is still mulling it over, Endler said.

Matt Villano contributed to this report.