You won't believe where I've just read a very authoritative report on VoIP Security.
No, not one of those overpriced consultant reports- the ones you pay $2,995 for and come away from with a "tell me something I don't know" reaction.
Actually, this one is from a term paper, gleaned from journals available via the Rowan County Public Library in Salisbury, N.C.
Entitled "Sound Choices for VoIP Security," the paper is written by Jonathan Casteel. The 10-page PDF tome contains plainly written and authoritative info on such subjects as implementation flaws (Remote access, Malformed request DoS, Load-based DoS) and IP PBX vulnerabilities such as Operating system attack, Support software attack, Protocol attack, Application attack, Application manipulation, Unauthorized access,and Denial of Service.
Jonathan doesn't merely recite these attacks, but provides informative explanations.
A good example of my point would be in his description of Application manipulation in which he correctly states:
This form of attack exploits a weakness in a security area, such as weak authentication or poor configuration. A weakness of such nature can allow abuse of the voice service. Some examples of this type of an attack include registration hijacking or toll fraud.
This paper is free. Partake of Jonathan's knowledge now, because I have a feeling that not too long from now, he'll be one of those who write those $2,995 reports you are paying thru the nose for.