[VOIPSEC] Has TippingPoint released their VOIP tools according to the PR release??

David Endler dendler at tippingpoint.com
Fri Feb 25 09:53:12 CST 2005 

Hi Mark,

> "TippingPoint is also contributing a VoIP security testing 
> tool it developed to find and research VoIP vulnerabilities in 
> hopes it can be enhanced and further developed through VOIPSA."

We have not released any of our VoIP testing tools publicly yet.  Once the VOIPSA committees and projects are formalized in the near future, we will make them available to the appropriate testing tool project leader(s).  It's my guess that they would be incorporated into a larger user-friendly testing framework that VOIPSA releases later.  Stay tuned.

-dave

David Endler
Director of Digital Vaccine
TippingPoint, a division of 3com
7501 B North Capital of Texas Hwy
Austin, TX 78731




-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]On
Behalf Of Mark Teicher
Sent: Friday, February 25, 2005 8:52 AM
To: voipsec at voipsa.org
Subject: [VOIPSEC] Has TippingPoint released their VOIP tools according
to the PR release??


"TippingPoint is also contributing a VoIP security testing tool it developed to find and research VoIP vulnerabilities in hopes it can be enhanced and further developed through VOIPSA."

Monday, February 07 2005 @ 10:50 AM CST 
Contributed by: ByteEnable

 
 The industryâEUR(tm)s first Voice over Internet Protocol (VoIP) Security Alliance was launched today in conjunction with leading VoIP vendors, providers, security researchers, and thought leaders to discover and reduce VoIP security risks. Some of the charter members include 3Com, Alcatel, Avaya, Codenomicon, Columbia University, Ernst and YoungâEUR(tm)s Guiliani Advanced Security Center, Insightix, NetCentrex, Qualys, SecureLogix, Siemens, Sourcefire, Southern Methodist University, Spirent, Symantec, the SANS Institute, Tenable Network Security, and TippingPoint.

The growing convergence of voice and data networks only serves to exacerbate and magnify the security risks of todayâEUR(tm)s traditional prevalent cyber attacks. Successful attacks against a combined voice and data network can cripple an enterprise, halt communications required for productivity, and result in irate customers and lost revenue. As VoIP deployments become more widespread, the technology becomes a more attractive target for hackers, increasing the potential for harm from cyber attacks. The emergence of VoIP application-level attacks will likely occur as attackers become more familiar with the technology through exposure and easy access. 

The VoIP Security Alliance (VOIPSA) aims to help organizations understand and avoid VoIP security risks through discussion lists, white papers, sponsorship of VoIP security research projects, and the development of tools and methodologies for public use. VOIPSA is the first and only group solely and holistically dedicated to VoIP security backed by a wide spectrum of organizations represented by universities, security researchers, VoIP vendors, and VoIP providers. 

âEURoeDespite the advantages of VoIP, if the technology is not implemented properly and securely, we will likely circumvent existing security controls and expose our networks,âEUR said Brian Kelly, director of Giuliani Advanced Security Center at Ernst & Young. âEURoeThis alliance is an important initiative to help us leverage the technology while understanding and managing the risks.âEUR 

Joseph Curcio, vice president of security technology development at Avaya, said, âEURoeOnce the decision is made to put VoIP at the heart of their business, companies need to address security holistically âEUR" at the applications, systems and services layers. Avaya believes the VoIP Security Alliance will enable businesses to experience the benefits of IP, while ensuring network security and preserving business continuity.âEUR 

âEURoeVoIP is starting to gain momentum in the market, but proactively addressing security concerns will help drive widespread adoption,âEUR said Gerhard Eschelbeck, VP of Engineering and CTO of Qualys. âEURoeQualys is excited to participate in an industry-wide effort to continue this work and develop solutions to meet the security requirements of VoIP.âEUR 

âEURoeVoIP has the potential of becoming widely deployed in critical infrastructure, and without an active community in VoIP security, the quality and reliability of VoIP can easily regress into the patch-and-penetrate race we have had to witness with other widely deployed communication software," said Ari Takanen, CEO and co-founder of Codenomicon Ltd. âEURoeSince 2002, we at Codenomicon Ltd. and our research partner, the University of Oulu, have been actively working with VoIP security by issuing both free PROTOS test-suites and commercial testing tools for improving VoIP security and robustness.âEUR 

âEURoeEnterprises are rolling out VoIP solutions to reduce costs and increase operating efficiencies, but this also introduces new security risks that could negate those savings and demand increased resources if not managed properly,âEUR said Martin Roesch, creator of Snort and founder and CTO of Sourcefire. âEURoeWe are optimistic that this group will result in stronger solutions that help end users better protect their assets.âEUR 

âEURoeVoIP has finally arrived, and vulnerabilities in devices and services which enable this technology need to be discovered and mitigated,âEUR said Ron Gula, CTO of Tenable Network Security. 

âEURoeThe VoIP Security Alliance is a practical framework for accelerating IP telephony adoption," said Dave Hattey, 3Com vice president and general manager, enterprise voice solutions. "As a charter member, we believe it is our duty to advance this alliance and its principles for the betterment of VoIP security.âEUR 

âEURoeLast year, TippingPoint announced the formation of a VoIP Security Research Lab to discover and analyze VoIP threats,âEUR said TippingPointâEUR(tm)s Chief Technology and Strategy Officer Marc Willebeek-LeMair. âEURoeVOIPSA is the culmination of our efforts to work alongside VoIP leaders to analyze weaknesses in VoIP architectures and discover new vulnerabilities through functional protocol testing. VOIPSAâEUR(tm)s research will facilitate better education for the industry and help reduce the risk of threats.âEUR 

TippingPoint is providing an administrative service in forming VOIPSA, recruiting members and facilitating VOIPSA meetings. TippingPoint is also contributing a VoIP security testing tool it developed to find and research VoIP vulnerabilities in hopes it can be enhanced and further developed through VOIPSA.
 




_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list