Voice over I Ptechnologies can help to cut communications costs significantly and bring lots of new features to enrich communications. However, corporations shouldn't overlook the security risks that can crop up when the voice and data worlds converge.

With VOIP, voice traffic is carried over a packet-switched data network via Internet Protocol. VOIP networks treat voice as another form of data but use sophisticated voice-compression algorithms to ensure optimal bandwidth utilization. As a result, VOIP networks are able to carry many more voice calls than traditional switched circuit networks. VOIP also enables enhanced services such as unified communications. At the same time, VOIP communications are exposed to the similar security threats as other data communications over the Internet technologies. The typical VOIP security threats are:

• Toll fraud, increasing costs
• Hacker utilizes PBX for long-distance calls
• Eavesdropping or man-in-the middle attack
• Voice calls unknowingly intercepted and altered
• DOS attack on SIP-servers/PBX, IP-Phone
• All voice communications fail due to DoS or DDoS
• Unauthorized access to PBX or voice mail system
• Hacker listens to voice mails, accesses call logs, company directories
• Worms/Trojans/viruses on IP phones, SIP Server
• Infected PBX and/or phones rendered useless

Securing voice traffic on IP based networks isn't very different from securing any data traffic on an IP network.  The most important solutions to protect the VOIP traffic are:

1. Encrypt data to avoid voice intercept and alter
2. Install firewall and anti malware solutions in the network and host to avoid possible intrusion and DoS
3. Enhance security in critical components such as PBX and voice mail system to avoid possible unauthorized access 
4. Implement and use the security features offered by the VOIP technologies, for example H.235.

Table 1: H235 Annex D - Baseline Security Profile

Table 2: H235 Annex E – Signature Security Profile