Security in traditional telephony is quite limited and much less effective than that of modern data systems. Security in IP telephony applications is infinitely controllable and expandable due to its basis in software.
Snooping and phreaking are fairly easy in traditional telephony environments
Call detail records and call accounting can provide forensic data when investigating an instance of system abuse
A properly configured and well-tested dial-plan is a good way to prevent anonymous abuse
Credentials and authentication are often required in order to use IP telephony applications, just as they are required to use other kinds of applications
MD5 hashing is a good way to hide passwords from casual observation, and most SIP implementations support authenticating endpoints using MD5-hashed credentials
Media encryption can stop would-be eavesdroppers from listening in on your VoIP conversations
Software maintenance is crucial with VoIP servers in order to avoid virus and worm attacks that exploit known vulnerabilities.
Hardening VoIP servers is important, just as it is in any other mission-critical application
Removing unnecessary software and optimizing local firewall policy are two elements of hardening a server
DMZs can provide limited, controlled access to a softPBX from the Internet and from a private network. A server on a DMZ is a bastion host.
Intrusion prevention is accomplished through regular testing for known vulnerabilities and through vigilant monitoring of logs
iptables can be used to configure VoIP-specific logging with the help of syslog. To read VoIP logs from syslog in Red Hat Linux, use the dmesg command.
SNMP can be used to assist you in monitoring a VoIP network
Packet-log reading can be used to "dig deeper" when you suspect illicit access on your network
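
The MD5 point above, worked through as an added example (not code from the original text): a registrar-side check of a SIP digest response as defined in RFC 2617, in which only a hash built from the password and the server's nonce crosses the network. The user, realm, nonce and password are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # The registrar can store this value instead of the clear-text password.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, qop=None, nc=None, cnonce=None):
    # HA2 binds the response to the SIP method and request URI.
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def verify(stored_ha1, method, fields, issued_nonces):
    # Refuse nonces this server never issued (stale or replayed challenge).
    if fields.get("nonce") not in issued_nonces:
        return False
    expected = digest_response(stored_ha1, method, fields["uri"], fields["nonce"],
                               fields.get("qop"), fields.get("nc"), fields.get("cnonce"))
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected, fields.get("response", ""))

# Constructed sample data: one endpoint and one outstanding challenge.
REALM = "pbx.example.test"
STORED_HA1 = ha1("alice", REALM, "constructed-sample-pass")
ISSUED = {"b7c9036dbf357f7683f054aea940e9703dc8f84c"}

def sample_register(password, nonce):
    # What the endpoint would place in its Authorization header.
    uri = "sip:pbx.example.test"
    resp = digest_response(ha1("alice", REALM, password), "REGISTER", uri, nonce)
    return {"username": "alice", "realm": REALM, "uri": uri,
            "nonce": nonce, "response": resp}

if __name__ == "__main__":
    good = sample_register("constructed-sample-pass", next(iter(ISSUED)))
    print("Authorization fields on the wire:", good)
    print("accepted:", verify(STORED_HA1, "REGISTER", good, ISSUED))
```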