Unified communications opens up your VoIP network to new avenues of collaboration, including instant messaging, video, business applications and e-mail. And that opens up your network to new avenues of attack.

Read Network World's test of Avaya's UC platform.

While the biggest actual threats to VoIP networks remain attacks to the underlying IP network infrastructure, UC opens up new angles of attack by creating connections between VoIP networks and corporate data networks.

Typically, most corporate deployments these days try to segregate VoIP as much as possible, creating islands that protect the voice network by broadly restricting access for devices unnecessary to supporting calls, says Ted Ritter, an analyst with Nemertes Research.

Unified communications changes all that. "With UC, by definition you are opening up your infrastructure and focusing on collaboration, reaching outside the enterprise to trading partners and customers," Ritter says.

Eavesdropping, altering conversations, stealing phone access to commit toll fraud and flooding targeted extensions with calls - all of which were possible before - become easier, he says.

Don't ignore basic IP-network attacks

In reality, however, few of these theoretical VoIP-specific attacks have occurred in the wild, says David Endler chairman of Voice Over IP Security Alliance and senior director of security research at Tipping Point. Endler has co-authored a book about such attacks called "Hacking VoIP Exposed", but acknowledges that the basic step of protecting the IP network that underpins VoIP is still the best protection.

"People may tend to look at some of the sexier types of attacks out there to prevent them - things such as eavesdropping or impersonation or caller ID spoofing - the truth is the most prevalent threat right now is the very basic network-level type of attacks," Endler says.

Still, businesses deploying VoIP should be aware of security cracks that UC can open up, says Stuart McLeod, the course director for IT training firm Global Knowledge who teaches its VoIP security courses. "Security is always about having as many layers of obstacles as possible between the hacker and his goals. We lose a couple once you move to unified communications," he says.