Thursday, November 30, 2006

VOIP Security. VOIPSA comes to our aid.

VOIP security is not a subject we read or write much about because we are busy with getting products to the market. But VOIPSA, which I wrote about a year ago "VoIP Security Threat Taxonomy" has come to our aid again, this time with a new project, VOIPSA Best Practices project.
The media is awash with VOIP security concerns. I consider this is to be an excellent track as VOIP IP Telephony is picking up steam as never before. But most of the articles I read last week was by/about scanit.net research. Facts are good and applies to all of us, but the main reason I did not publish any article on it was because, Sacnit research was mainly based on it's clients in a few middle eastern countires, an area where VOIP is banned in some places.
The new project by VOIPSA will start this week and here is the project description, From VOIPSA;
"This project aims to define a common set of industry-wide ‘best practices’ for securing VoIP systems against the threats outlined in the Threat Taxonomy. While specific practices will vary according to vendor and architecture, the document created by this group will provide an overall view of how best to secure VoIP systems.

These best practices will aim to mitigate security threats across the VoIP ecosystem including individual VoIP building blocks, supporting security technology components (SBCs, Firewalls, etc.), architecture and network design (NAT, VPN, port security, etc.), network management, and end point Access and Authentication to name a few.

The end objective of this project is to create a document that can be used as a companion to the Threat Taxonomy. This document will by its nature evolve over time and we expect to periodically issue new versions.

Right now, though, we are just getting started and we welcome the participation of anyone who would like to be involved. To participate, please sign up to the Best Practices working group mailing list."

So get your gears ready and join. It will be good for all of us.

Links;
VOIPSA Blog Article
VOIPSA Best Practices working group mailing list
And of course VOIPSA

0 comments:

Blog Widget by LinkWithin