Risk: Informational
The recently formed Voice over IP Security Alliance (VOIPSA) has released its first comprehensive description of the security threats faced by Internet telephony.
The group's VoIP Security Threat Taxonomy outlines the threats and vulnerabilities, and what it describes as a "context for balancing trade-offs".
Major aspects outlined in the report include recognition of the human element in threats as distinct from their technical means; specific sets of issues for consideration by legislative bodies and law enforcement agencies; and a detailed structure for technical vulnerabilities.
"This provides a foundation for all future discussions on VoIP security. Until now, the public has been uncertain about the various threats, how the risks related to each other and the technical trade-offs," said Jonathan Zar, secretary and outreach chairman at VOIPSA.
VOIPSA has identified a range of attacks including reconnaissance, denial of service, host/protocol vulnerability exploits, surveillance, hijacking, identify theft, eavesdropping and the insertion, deletion and modification of audio streams.
"The first step is getting people to agree on the problem, and get it to the level of granularity to get them to work on it technically," said Zar.
VOIPSA was formed in February with the purpose of improving public awareness of issues and best practices for securing VoIP.
The organisation has grown to 100 member companies from just 20 when it launched earlier this year. They include Juniper, Nokia, Deloitte & Touche and BearingPoint.