As we\u2019ve already discussed, the most impressive finding in the soon-to-be-released 2004 Webtorials VoIP Report is that security concerns have leapfrogged other factors - even budgetary issues - to become the primary impediment to deployment. As it turns out, concerns about security of the infrastructure outweigh concerns about conversation content. Nevertheless, there is considerable concern about conversations being intercepted as well.We find this to be most curious. Exactly how much security is needed for ordering a pizza - even if you have to give a credit card number? During a recent briefing, a network security vendor told us, \u201cEverybody knows that it\u2019s easier to intercept a call with VoIP than with traditional telephony.\u201d This is simply not true.Intercepting a call in the public switched telephone network (PSTN) is a piece of cake. You can even buy an analog \u201cbutt set\u201d at your friendly local hardware store. Digital signals are in decades-old TDM formats. And encrypting conversations end-to-end takes special equipment.Let\u2019s contrast this with VoIP conversations. You have to somehow tap the information in a data format. Then you have to pick it out of a packet stream rather than a TDM format. Then you have to decode which coding algorithm is used. And many programs - even free programs and services like Skype - encrypt conversations.While we can never tell you not to be concerned about security - that\u2019s a decision you must make for yourself - we do urge you to consider the following:1) The least secure portion of a VoIP (or traditional) conversation is the truly \u201cwireless\u201d portion. No, we\u2019re not talking about cell phones or WLAN. We\u2019re talking about the part of the conversation going through the air from your mouth to the mouthpiece. People get excited about encryption - then they sit on a crowded plane and discuss business deals.2) It\u2019s true that protecting the VoIP infrastructure is a major issue. So make sure you put your efforts where the biggest risk is. Protect the equipment and the integrated applications. Protect the signaling path.3) Is there possibly too much security available? Does the ease of encrypting VoIP conversation content actually cause more problems than it solves by making it even more difficult for legitimate law enforcement organizations to monitor illegal activities?We would love to hear your experiences and attitudes on this.