SPIT Pre-EmptionSPIT Pre-Emption
Once again via the invaluable VOIPSA , comes word that some IETF members are exploring a more formal effort to pre-emptively deal with the nascent problem of SPIT (spam over IP telephony), with a proposed BoF session at the next IETF meeting. Enterprises and their vendors should support any effort to have defenses in place for this next generation of spam.
February 4, 2008
Once again via the invaluable VOIPSA, comes word that some IETF members are exploring a more formal effort to pre-emptively deal with the nascent problem of SPIT (spam over IP telephony), with a proposed BoF session at the next IETF meeting. Enterprises and their vendors should support any effort to have defenses in place for this next generation of spam.
Once again via the invaluable VOIPSA, comes word that some IETF members are exploring a more formal effort to pre-emptively deal with the nascent problem of SPIT (spam over IP telephony), with a proposed BoF session at the next IETF meeting. Enterprises and their vendors should support any effort to have defenses in place for this next generation of spam.I keep harping on this topic because, unlike a lot of the VOIP security issues you hear about, it really does seem like just a matter of time until spam crosses the species barrier into voice. Why wouldn't it, especially if it can be done in such a way as to evade current laws, and--more importantly--if nobody is ready for it, just as nobody was ready for email spam in the beginning.
And as several security experts have pointed out, filtering voice spam is even harder, because the filtering decision has to be made in real time. And even more troubling, if voice is going to become a crucial component of mission-critical business applications, as the Unified Communications vision suggests, real-time networks can't afford to be crippled by the kind of resource diversion/consumption that unchecked spam represents.
To me, this is one problem that it's hard to underestimate. The scary stories about man-in-the-middle attacks, where somebody injects packets to alter a conversation, or captures secret data--those attacks might happen, but the companies most at risk probably are most ahead of the curve in dealing with it: Financial firms and the like. Voice spam has the potential to affect everyone, which is exactly why it's so appealing to the spammers in the first place.
Rather than waiting until the problem becomes another massive drain on networks and productivity, the industry should build pre-emptive defenses against voice spam.
