What will generate the real heat in '06? Let's start with VoIP security

OK, it's the time of year when pundits are supposed to talk about the Issues that Alter and Illuminate Our Times. Boring. Instead, let's talk about the issues that will give us indigestion and keep us up at night. There will be plenty.

Issue No. 1 is the Dark Side of VoIP. Everyone likes free stuff, and there will still be a lot of free VoIP this year, even with the cable companies blowing past everyone else in revenue generation. But this also will be the year that corporations earnestly begin blocking Session Initiation Protocol and Skype calling, that lawsuits hit providers that have failed to respond to 911 calls and that some players are threatened with injunctions for not complying with the Communications Assistance for Law Enforcement Act. It will be the year of voice spam and of the first Trojans, viruses and scams targeted at VoIP rather than at browsers. For the enterprise, there will be denial-of-service attacks on VoIP trunks and even a few call-hijacking scams.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

OK, it's the time of year when pundits are supposed to talk about the Issues that Alter and Illuminate Our Times. Boring. Instead, let's talk about the issues that will give us indigestion and keep us up at night. There will be plenty.

Click to see: Crystal ball 2006 logo

Issue No. 1 is the Dark Side of VoIP. Everyone likes free stuff, and there will still be a lot of free VoIP this year, even with the cable companies blowing past everyone else in revenue generation. But this also will be the year that corporations earnestly begin blocking Session Initiation Protocol and Skype calling, that lawsuits hit providers that have failed to respond to 911 calls and that some players are threatened with injunctions for not complying with the Communications Assistance for Law Enforcement Act. It will be the year of voice spam and of the first Trojans, viruses and scams targeted at VoIP rather than at browsers. For the enterprise, there will be denial-of-service attacks on VoIP trunks and even a few call-hijacking scams.

What do you think? Discuss the dark side of VoIP and other topics in the forum on this column.

VoIP security isn't the same as IP or Internet security. There are tremendous differences among VoIP providers with respect to the security precautions they take with your information and traffic and their own infrastructures. Attacks are targeted at publicity, which means things that are widely used are more likely to be attacked. VoIP will become more widely used this year, which means we'll have to face the security issues for real.

Some of VoIP's issues could be resolved without attacking the second and perhaps more difficult issue: the very nature of a public IP infrastructure such as the Internet. Anyone who reads the papers knows that public carriers now dominate IP investment, and these providers are not looking to deploy free services for others to exploit. The success of the IPsphere Forum (formerly the Infranet Initiative Council) in attracting enthusiastic carrier support speaks to the determination of the major network players to make IP a business, as TDM, frame relay and ATM were before it.

The question of whether public network services should be free is a public-policy issue that's decided by the business structure that regulations put into place. Carriers are public corporations and thus are bound to the profit motive. Those who believe that the Internet should be free need to pursue the notion of carrier nationalization, the elimination of private enterprise in the services market. If that doesn't sound practical, we have to move beyond mythology and expect these guys to make a buck.

That means getting standards groups such as the IETF, which have forsworn any accommodation to regulation or profit in their work, to get real. The IETF has done a lot for us, but it has marginalized itself with an unrealistic attitude. That's what has made the IPsphere Forum popular: It's realistic. If we lose the IETF, we lose the popular voice of the Internet. Can the body save itself in 2006?