[VOIPSEC] FYI - VOIPSA "VoIP Security Best Practices" project to launch this week
dan_york at Mitel.com
dan_york at Mitel.com
Tue Nov 28 13:32:39 CST 2006
VOIPSEC readers,
As I just posted on the VOIPSA blog a few minutes ago:
http://voipsa.org/blog/2006/11/28/voipsa-voip-security-best-practices-project-to-launch-this-week-join-the-mailing-list-now/
we will be launching the "VoIP Security Best Practices" project this week.
The project page is available at:
http://www.voipsa.org/Activities/bestpractices.php
The stated objective is:
This project aims to define a common set of industry-wide ‘best practices’
for securing VoIP systems against the threats outlined in the Threat
Taxonomy. While specific practices will vary according to vendor and
architecture, the document created by this group will provide an overall
view of how best to secure VoIP systems.
In the end, our intent is to have a document that can be printed out and
that can serve as a companion to the Threat Taxonomy. Development will
take place through a separate mailing list as well as the VOIPSA wiki.
Participation is open to all interested, regardless of background and
experience. We'll need people to contribute technical information across
a range of subjects, but we'll also quite frankly need people to edit
text, check references, etc. We're not trying to make a giant
document... just one that can concisely provide guidance to people
concerned about securing VoIP systems.
Right now I'm still getting the back-end set up, but if you think you
would like to participate in the project, please do the following:
1. Join the "bestpractices" mailing list at:
http://voipsa.org/mailman/listinfo/bestpractices_voipsa.org
2. IF you think you will want to participate in the actual writing - or
will want to comment on what others write, register for an account on the
VoIPSA wiki at: http://wiki.voipsa.org/tiki-index.php
If you previously had an account for assisting with the Threat Taxonomy,
that account will work perfectly fine. (Your trick may be to remember your
password.)
NOTE: You do NOT need to join the wiki if you just want to *view* the Best
Practices as they evolve. You only need to create a wiki account if you
think you will want to *comment* on pages or assist in the direct editing.
Viewing is open and public. Commenting/editing requires registration.
Also note that this is by no means the last you'll hear of this here on
VOIPSEC. :-) As we reach certain levels of completeness, I'll post
messages here and also on the VOIPSA blog.
Later this week I will send a message to the mailing list starting the
discussion.
Thank you for considering assisting with the project,
Dan
P.S. Jonathan and I also discussed this a bit on Blue Box podcast #45
earlier this month:
http://www.blueboxpodcast.com/2006/11/blue_box_45_voi.html
--
Dan York, CISSP
Dir of IP Technology, Office of the CTO
Mitel Corp. http://www.mitel.com
dan_york at mitel.com +1-613-592-2122
PGP key (F7E3C3B4) available for
secure communication
More information about the Voipsec
mailing list