[VOIPSEC] Has TippingPoint released their VOIP tools according to
the PR release??
mht3 at earthlink.net
Fri Feb 25 14:51:32 GMT 2005
"TippingPoint is also contributing a VoIP security testing tool it developed to find and research VoIP vulnerabilities in hopes it can be enhanced and further developed through VOIPSA."
Monday, February 07 2005 @ 10:50 AM CST
Contributed by: ByteEnable
The industryâs first Voice over Internet Protocol (VoIP) Security Alliance was launched today in conjunction with leading VoIP vendors, providers, security researchers, and thought leaders to discover and reduce VoIP security risks. Some of the charter members include 3Com, Alcatel, Avaya, Codenomicon, Columbia University, Ernst and Youngâs Guiliani Advanced Security Center, Insightix, NetCentrex, Qualys, SecureLogix, Siemens, Sourcefire, Southern Methodist University, Spirent, Symantec, the SANS Institute, Tenable Network Security, and TippingPoint.
The growing convergence of voice and data networks only serves to exacerbate and magnify the security risks of todayâs traditional prevalent cyber attacks. Successful attacks against a combined voice and data network can cripple an enterprise, halt communications required for productivity, and result in irate customers and lost revenue. As VoIP deployments become more widespread, the technology becomes a more attractive target for hackers, increasing the potential for harm from cyber attacks. The emergence of VoIP application-level attacks will likely occur as attackers become more familiar with the technology through exposure and easy access.
The VoIP Security Alliance (VOIPSA) aims to help organizations understand and avoid VoIP security risks through discussion lists, white papers, sponsorship of VoIP security research projects, and the development of tools and methodologies for public use. VOIPSA is the first and only group solely and holistically dedicated to VoIP security backed by a wide spectrum of organizations represented by universities, security researchers, VoIP vendors, and VoIP providers.
âDespite the advantages of VoIP, if the technology is not implemented properly and securely, we will likely circumvent existing security controls and expose our networks,â said Brian Kelly, director of Giuliani Advanced Security Center at Ernst & Young. âThis alliance is an important initiative to help us leverage the technology while understanding and managing the risks.â
Joseph Curcio, vice president of security technology development at Avaya, said, âOnce the decision is made to put VoIP at the heart of their business, companies need to address security holistically â at the applications, systems and services layers. Avaya believes the VoIP Security Alliance will enable businesses to experience the benefits of IP, while ensuring network security and preserving business continuity.â
âVoIP is starting to gain momentum in the market, but proactively addressing security concerns will help drive widespread adoption,â said Gerhard Eschelbeck, VP of Engineering and CTO of Qualys. âQualys is excited to participate in an industry-wide effort to continue this work and develop solutions to meet the security requirements of VoIP.â
âVoIP has the potential of becoming widely deployed in critical infrastructure, and without an active community in VoIP security, the quality and reliability of VoIP can easily regress into the patch-and-penetrate race we have had to witness with other widely deployed communication software," said Ari Takanen, CEO and co-founder of Codenomicon Ltd. âSince 2002, we at Codenomicon Ltd. and our research partner, the University of Oulu, have been actively working with VoIP security by issuing both free PROTOS test-suites and commercial testing tools for improving VoIP security and robustness.â
âEnterprises are rolling out VoIP solutions to reduce costs and increase operating efficiencies, but this also introduces new security risks that could negate those savings and demand increased resources if not managed properly,â said Martin Roesch, creator of Snort and founder and CTO of Sourcefire. âWe are optimistic that this group will result in stronger solutions that help end users better protect their assets.â
âVoIP has finally arrived, and vulnerabilities in devices and services which enable this technology need to be discovered and mitigated,â said Ron Gula, CTO of Tenable Network Security.
âThe VoIP Security Alliance is a practical framework for accelerating IP telephony adoption," said Dave Hattey, 3Com vice president and general manager, enterprise voice solutions. "As a charter member, we believe it is our duty to advance this alliance and its principles for the betterment of VoIP security.â
âLast year, TippingPoint announced the formation of a VoIP Security Research Lab to discover and analyze VoIP threats,â said TippingPointâs Chief Technology and Strategy Officer Marc Willebeek-LeMair. âVOIPSA is the culmination of our efforts to work alongside VoIP leaders to analyze weaknesses in VoIP architectures and discover new vulnerabilities through functional protocol testing. VOIPSAâs research will facilitate better education for the industry and help reduce the risk of threats.â
TippingPoint is providing an administrative service in forming VOIPSA, recruiting members and facilitating VOIPSA meetings. TippingPoint is also contributing a VoIP security testing tool it developed to find and research VoIP vulnerabilities in hopes it can be enhanced and further developed through VOIPSA.
More information about the Voipsec