VoIP security and SIP trunking are seen as bright spots in the otherwise dismal telecom equipment space, analysts say. And, interestingly, they feed into one another: As more SIP solutions are deployed in big networks, experts expect more VoIP network security risks. (See A Pivotal Year for SIP Services and VoIP Security Vendors Watch & Wait for the Worst.)

SIP trunking is becoming more popular because it allows companies to communicate over IP outside the enterprise. This saves money by allowing companies to add new branch offices without requiring point-to-point circuits to be provisioned. And companies can avoid the local phone network (and its associated toll charges) completely when calling other VoIP phones. (See Branching Out Into SIP Trunking.)

"Given that SIP trunking allows for the use of IP trunks versus leasing telco facilities, SIP trunking should be a money saver," says Heavy Reading analyst Jim Hodges, who chairs a one-day conference on SIP services next month. "It also allows users to more effectively combine voice and data on a single facility."

Hodges says savings generated from the use of SIP trunking range considerably. He cites savings of from 40 to 80 percent when compared with using leased facilities, due in large part to the pricing differences in leased facilities around the world.

But there is a potential pitfall: Network operators, VoIP technology vendors, their enterprise clients, and others are bracing for what could be an onslaught of security breaches targeting enterprise VoIP networks. A recent Light Reading VOIP Services Insider report -- "VoIP Security: Vendors Prepare for the Inevitable" -- suggested that a breach of VoIP networks could surface within the next 12 to 18 months.

Why the security worries? Well, some companies just aren't prepared.

The Insider report cites one VoIP security vendor, who noted that, while companies will spend on Web and email applications that need specialized security controls to handle threats like malicious or inappropriate content or spam, they won't be as quick to secure their VoIP networks.

But more awareness of the issue in recent months has helped. "Not all operators or enterprises have been slow to address security, but given IP and SIP are susceptible to security breaches, it is an increased area of focus for all users," says Heavy Reading's Hodges.

The security holes in a VoIP network are numerous and will no doubt be talked about in more detail at the VoiceCon event next month. The threats include denial-of-service attacks from spammers as well as rogue VoIP gateways and illegitimate handsets using IP networks. Hackers also could turn their attentions toward Microsoft Office Communications Server to exploit connections for instant messages, email addresses, and buddy lists in an effort to create bottlenecks and launch attacks. There’s even a fear of Voice Over Misconfigured IP Telephony -- or "VOMIT."

But there are plenty of vendors stepping up to prevent and fight off VoIP attacks. "There are multiple hardware and software approaches such as implementing standards-based security access," says Hodges. "There are also firewalls that can be deployed, and finally there are solutions available to monitor applications for spikes in usage."

Last month's issue of the Light Reading Insider profiles a dozen vendors working to prevent VoIP attacks, including Acme Packet Inc. (Nasdaq: APKT), Cisco Systems Inc. (Nasdaq: CSCO), Covergence Inc. , IBM Corp. (NYSE: IBM), UM Labs Inc. , and VoIPshield Systems Inc.

— Michael Hopkins, Special to Light Reading