One of the major reasons voice-over-Internet-Protocol installations aren't growing even faster than they are is that customers are concerned that VoIP adds security holes to networks that already worry them, according to an analysis by Yankee Group's Zeus Kerravala.
VoIP devices are just as susceptible to denial-of-service attacks and other problems as other networked devices. Closing off VoIP-specific ports in a firewall can reduce the threat, but VoIP systems are significantly more vulnerable to buffer-overflow attacks than other nodes on the network when VoIP protocols aren't implemented correctly. Virtual LANs, quality of service functions and careful configuration can nix most of the threats, despite hype over threats and propaganda from competitors saying opening IP to voice is the greatest risk a network manager can run.
See the full version of this analysis at SearchVoIP.com