New Alliance Will Be Voice of VoIP Security

In the rush to implement new technology, security concerns may sometimes be left behind, but doing so can mean the difference between widespread adoption and failure.

This, David Endler, director of Digital Vaccine atTippingPoint Technologies, told CRM Buyer, is the impetus behind the VoIPSecurity Alliance, announced today.

TippingPoint, a division of 3Com, has brought together 22 organizations — from call center operators to universities to security firms — to aggregate and expand security information and technology for VoIP.

VoIP Adoption Growing

By the end of 2004, 12.3 percent of U.S. enterprises had deployed some type of VoIP in their businesses, Darryl Schoolar, senior analyst at InStat, told CRM Buyer. That figure is up from 3.4 percent in 2003. He’s projecting it will climb to 19.2 percent by the end of this year.

But Endler said that although adoption rates are growing, there had been no central repository for information on how best to implement and secure a VoIP network.

“A year ago, when TippingPoint was getting into the VoIP space, we got a lot of questions from enterprise customers who wanted to know what are the issues around VoIP and security,” he said. It prompted the company to consider a joint effort to look at those very issues.

While many call centers and other businesses are attracted to VoIP because of the potential for cost savings, the potential for denial of service attacks and other hacks could slow or stop the technology’s adoption.

Threat to Business Performance

Call centers that rely on VoIP without proper security measures could find themselves facing degraded quality of service, slowdowns, or no service at all. In addition, insecure lines could lead to information theft, leaving a call center liable.

Right now, VoIP is most vulnerable to the same types of attacks that plague the Web, Endler said, but in the future, he expects hackers to develop attacks that specifically target VoIP, such as hijacking service, data interception, and eavesdropping.

Technology Attracts Hackers

Those who have deployed VoIP must examine their entire application stack for security weaknesses and then add a layer of VoIP protection, Endler said.

“As a group, we want to make sure that the threats are identified,” he said.”It’s just a matter of time before hackers start taking advantage.”

The security alliance will meet next week to prioritize specific goals. In addition to acting as a library for VoIP security information, the alliance wants to develop tools for mitigating risk and enhancing VoIP testing tools, which can be used to find vulnerabilities in existing networks and prevent future vulnerabilities.

Endler said TippingPoint, which creates network-based security systems, facilitated the creation of the alliance but is not its leader. He said the group is vendor-neutral and has an open membership policy.