For all the seriousness of these problems, there are preventative steps that can be readily taken. Some are as simple as turning off Microsoft Corp.s Internet Information Services if its not needed, since 80 percent of the attacks on Windows are aimed at IIS, according to Moore. "That alone makes Windows as secure as Linux," he said. Modern routers also include features that can stop attacks such as denial-of-service and man-in-the-middlethough of course configuring these adds to the difficulty of setup. "There is always a cost for security, whether its in dollars or in complexity," Moore said. Its a different matter with voice over wireless LAN, where the biggest issue is quality of service rather than security. Even without extra security measures, the typical WLAN tends to fall over under the burden of more than one or two voice conversations, according to industry observers. When security measures such as VPNs are introduced, it gets worse: "You move to a different subnet, and the VPN no longer recognizes you," said HP VOIP Program Manager Marie-Paule Odini.IP systems can be more robust than traditional phone networks, said Moore: "After 9/11, the PBXs went down and the VOIP systems stayed up. Disaster recovery is easier with IPPBXs." The security debate can be something of a distraction from the real issues of VOIP, said Cosquer. "There is not really a choice between IP and traditional networks," he said. "IP is what the research and development resources are going into. We are going to have a good IP-based infrastructure." Check out eWEEK.coms VOIP & Telephony Center at http://voip.eweek.com for the latest news, views and analysis on voice over IP and telephony.
Then again, the vulnerabilities of "open" Internet Protocol must be put into perspective against those of the "closed" public switched telephone network. "Somebody can go outside my house and listen to my calls in 5 seconds," said Cosquer. He noted that most people dont bother encrypting their e-mail, and dont think twice about discussing important deals on their cell phones in public places such as trains and airports. "Encrypt VOIP, why not? But lets not lose track of what assets we are trying to protect here," he said.