Looking a decade ahead, the VoIP industry has taken its first steps towards foiling future attempts by Internet-style hackers to bring down a major IP phone service. A new group, the VoIP Security Alliance, or VOIPSA, recently launched two projects aimed at developing industrial-grade VoIP security methods.
VOIPSA members include manufacturers, service providers, research institutions and consultancies. The first two projects of the organization, which was formed in February, aim to develop a "threat taxonomy" and to define security requirements.
VOIPSA's efforts will be of particular interest to manufacturers of session border controllers, or SBCs, which will for a long time to come play a crucial role in defending VoIP networks from attack.
SBCs, which typically sit between the softswitches that control VoIP services and the public Internet, have a number of functions. One of the most important is firewall traversal. When a VoIP call has to go through a firewall, as most do, it can easily fail. Firewalls don't know how to deal with VoIP, which can involve as many as five separate data streams. SBCs know how to manuever both VoIP and video traffic through them.