i think we'll see a lot of successful companies coming out of the voip space next year, but not service providers (ones that remain independant anyway).

two big issues will be spit (spam over internet telephony) and security.

companies that do a good job building clever software that suitably deals with those two problems are going to be guaranteed sure-fire success.

tippingpoint might just be one of them. a good pedigree (wholly owned subsidiary of 3com) and their efforts at the moment are squarely on the web 2.0 buzzwords of the moment - voip/im and p2p.

quote:
tippingpoint is the only intrusion prevention system to offer voip security, bandwidth management, peer-to-peer protection, and default "recommended settings" to accurately block malicious traffic automatically upon installation without tuning.



they also founded the voip security alliance :-

quote:
history shows us that advances and trends in information technology typically outpace the corresponding realistic security requirements, which are often tackled only after these technologies are widely deployed. voice over ip (voip) is no different. as voip's popularity increases, so will its exposure to current and emerging security threats.

the voice over ip security alliance (voipsa) aims to fill the void of voip security related resources through a unique collaboration of voip and information security vendors, providers, and thought leaders.


someone has their eye on the ball.

siemens also announced today that the deal they did with 3com to use tippingpoints applications for it's voip customers, currently a usa only arrangement, could well be given more worldwide coverage.

dean

a little bit more on security issues and how they affect voip. i read an interesting article today on silicon.com.

nortel are anticipating a big uplift in hacks to voip systems over the next two years:-

quote:
atul bhatnager, vp of enterprise networks, said: "voip attacks are still at an early stage but as hackers become more savvy you'll see similar things as on the data side; denial-of-service attacks or spam on voip.

"i would say [this will occur] in the next two years as adoption is increasing. this is the right time to put the defences in place as the use of voip will be rigorous over the next two or three years. we've learned a lot of lessons on the data side which can be applied to the voice side."


in terms of dealing with the issue, bhatnager goes on to say:-

quote:
....deep-packet inspection - a method of checking every ip packet entering a network for unusual properties, in much the same way airport security checks every passenger - is an essential part of protecting networks against voip attacks.


paul simmonds of ici told silicon.com:-

quote:
"i'd say get your act together now and be prepared."


on the other hand, joel horowitz, vice president of masergy, a voice and video network provider, considers worrying about it when it happens:-

quote:
"the minute it starts we'll find a way of stopping it happen. i think we'll start encrypting everything."


http://software.silicon.com/security/0, ... 478,00.htm

i wonder. it strikes me a lot of the so called 'security measures' are really approaching the problem from the wrong end.

deciding if a packet of data is one you want after you have got it is really a tad late and puts more load on what is already a busy system, which ups the potential for yet another dos attack.

the same largely goes for deploying encryption as well, a pc has to encode and decode the data and it takes a lot of processor horsepower for something that for most users is irrelevant.

what is really needed is to prevent the aliens being launched in the first place, or at least stopping them before they go anywhere.

in the absence of a chopper load of us marines storming down the chimney of every teenage nerd who tries to hack into the cia, most of the problems should perhaps be solved by a much simpler verification of where the data comes from and to and how much of it there is. which ought to be done at the tcp layer, not by adding great gobs of extra rubbish to each packet.

sadly it all comes back to tcp/ip not being designed to be secure in the first place.