People ask all the time "how do I secure my VoIP system?" I try to tell them that for the most part, it comes down to good data network security, along with understanding certain issues that are unique to VoIP. I also explain, that while some additional products, like firewalls, IDS/IPS systems, and application firewall can help, they don't do much good if you don't have good passwords, have non-secure management interfaces, are using TFTP, etc., etc. It also doesn't make a lot of sense to spend a bunch of time and money on features like encryption, to improve privacy, when you haven't fixed the basic security problems.
We have concluded that what enterprises really need now is help from people that know VoIP security. This includes capable integrators and organizations like SecureLogix, who can come in and perform an independent VoIP security assessment. We now offer a service, where our VoIP security consultants will travel to enterprise site, and conduct a comprehensive assessment of the VoIP system. This includes a discover process, followed by testing of the platforms, network, and application/configuration. We deliver detailed and summary reports and will also assist the customer with their security polices/checklists. We also deliver executive and technical presentations.
I won't spend a lot of time describing it here. If anyone would like more information, just drop me a line.