There are also disruptive applications such as peer-to-peer voice apps from Skype and other providers. "There's a host of VOIP apps that will likely infiltrate enterprises that don't fit into the standard enterprise VOIP model," says David Endler, director of security research at IPS provider TippingPoint, now part of 3Com, and chairman of the VOIP Security Alliance, an organization of VOIP and security vendors looking to advance security research.

Skeptics also point out that many of the security measures suggested by VOIP vendors are neither especially practical nor widely used. "Sure you can implement voice and signaling encryption and strong authentication, but they're a pain in the butt to configure," says SecureLogix's Collier. Brian Ham, CTO of Sentegrity, an IT security provider, observes that current key exchange standards such as the Diffie Hellman key agreement protocol don't scale well for widespread VOIP authentication and encryption: "If you look at forums, bulletin boards, and industry leaders, everyone is asking, 'How can we do proper key exchange?'" Sentegrity offers its own lightweight key exchange solution.

Just because there haven't been any widely publicized attacks on IP telephony yet doesn't mean they aren't happening. BorderWare has made it known that call centers and financial insitutions have already come under attack, but officials there are not about to name names.

"Typically you don't see widespread threats until a technology is widely deployed and tools are made available to the masses to automate attacks," Collier says. Endler agrees: "As applications are more widely deployed, they become sexier targets." VOIP security vendors such as BorderWare, SecureLogix, and even TippingPoint are offering specialized VOIP firewalls and IPSes that target the application layer exploits that are likely to affect VOIP down the road.

Ultimately, VOIP may start to suffer the same types of invasions that plague e-mail, instant messaging, and other types of PC communications. The good news is that VOIP and security vendors are jumping on the problems early. "There's no question that VOIP security options are getting better and better very quickly," Kuhn says, adding that the benefits of converging voice with data applications are so great that it's unlikely security issues will thwart deployment.