Do VoIP vendors differ in their network security offerings? What should buyers know?

Do not rely on VoIP vendors to secure your network. Most VoIP attacks are to the local network not to the carrier. Here are some common attacks:

1. Toll-fraud - Hackers are trying to make money one way to do this is to take ownership of your PBX to have your phone system route calls for them. These calls are usually to high cost International destinations (i.e. Africa & the far east). These can lead to some very large long distance bills. This is not something your VoIP carrier can prevent the only thing they can do is catch and block your International calling until you fix your network. There are a few simple steps to keep this from happening. 1) manage your phone registration security closely, 2) have a VoIP specific firewall (we use InGate) 3) get help from someone who has done it before.

2. SIP Denial of Service Attack - This is where someone uses a scanning tool to flood your PBX with so many request that it fails. Use a VoIP specific firewall and get help from a VoIP technician.

3. Disgruntled Internal Employee breaks stuff - Have strong internal security. Lock stuff down.

I know people like to focus on the fear uncertainty and doubt (FUD) that we all have of someone listening to our calls, but as a VoIP professional for over 10 years, I can tell you the vast majority of issues are the three I mentioned above.

All of the measures I mentioned to avert the issues, are standard security practices. Have strong passwords, a competent firewall and well though out policies and you will be fine.