Group Aims to Make Internet Phone Service Secure
<http://online.wsj.com/article_print/0,,SB110790485798349353,00.html> The Wall Street Journal February 9, 2005 TELECOMMUNICATIONS Group Aims to Make Internet Phone Service Secure Alliance of Tech Companies Looks for Ways To Head Off Attacks by Hackers, Viruses By RIVA RICHMOND DOW JONES NEWSWIRES February 9, 2005; Page D4 A group of more than 20 technology companies and computer-security organizations has gone on the offensive to protect the burgeoning Internet telephone service from hackers, viruses and other security problems. The VOIP Security Alliance, which was announced earlier this week, will focus on uncovering security problems and promoting ways to reduce the risk of attack for voice over Internet protocol, or VOIP, technology. The group, known as VOIPSA, includes companies such as 3Com Corp., Alcatel SA, Avaya Inc., Siemens AG, Symantec Corp. and Ernst & Young LLP. Other members include the National Institute of Standards and Technology, a federal government agency; the SANS Institute, a research organization for network administrators and computer-security professionals; and several universities. The group's goal is to help make VOIP as secure and reliable as traditional telephone service. VOIP breaks voice into digital information and moves it over the Internet. That can make phone service much cheaper, but it also opens the door to the kind of security woes that have come to plague the Internet. VOIP enthusiasts worry that security and privacy problems could hamper adoption of the technology. "VOIP has a lot of great value propositions, but in order for it to be successful, it has to be secured" and offer service quality that's on par with the current phone system, said David Endler, chairman of the alliance and an executive at TippingPoint, a security company that recently was acquired by 3Com. "VOIPSA is a first step in doing that." Internet telephone service is expected to be rolled out rapidly to consumers and business customers, starting this year. Mr. Endler said many network operators don't realize they need to alter their security strategies when they add Internet phone service. For instance, traditional firewalls cannot police VOIP traffic, he said, and so networks will need to be upgraded with newer security technologies. There's little understanding of what security problems VOIP might introduce and what kind of defensive measures need to be taken. VOIPSA intends to improve that situation by sponsoring research, uncovering vulnerabilities, disseminating information about threats and security measures, and providing open-source tools to test network-security levels. Because VOIP will be dependent on the Internet, there's little hope that security troubles can be avoided, said Alan Paller, director of research at the SANS Institute, though early action by technology makers to address problems is positive and welcome. "It's not a lightweight problem," he said. "How well would you do with no phone?" If Internet attacks can disrupt phone service, "you radically expand the number of victims," he said. "VOIP networks really inherit the same cyber-security threats that data networks are today prone to, but those threats take greater severity in some cases," Mr. Endler said. For instance, a life-or-death emergency call to 911 might not get through if a network is crippled by a hacker attack. Worse, a broad assault on the phone system could become a national security crisis that causes economic damage. -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
participants (1)
-
R.A. Hettinga