Ward’s advice really rings true (sorry for the telecom geek pun, it couldn’t be helped!) His “Baker’s Dozen SIP Security Checklist” makes perfect sense. That doesn’t mean that I can’t add my own two cents.
Many people use ITSPs that require a credit card to refill access to calling services. Ward advises turning off auto-billing, which charges your card every time your account balance drops below a certain threshold.
Borrowing an idea from the early days of online shopping, I also suggest that you use a card with a deliberately low credit limit. That way, even if you allow auto-refills, you can limit the maximum amount that your calling plan can consume before you notice the exploit.
I also like the idea of using a VPN based solution to encapsulate SIP traffic. I’ve done this myself and it works great.
Finally, I especially like his recommendation of using a third-party service to leverage calling based upon SIP URIs. He recommends voip.ms whereas I use OnSIP, but there are also others.
Of course, I have my own reasons for appreciating this idea. When you start making use of SIP URIs you are on a path to enjoying HDVoice calling. That you can achieve superior call quality and take a proactive stance with regard to security is a massive benefit.