February 22, 2008
Security Attack of the Day
There’s nothing that gets people more "up in arms" than terrorism. In the spirit of keeping terrorists away, here is the "Security Attack of the Day" so you can plan accordingly.
SIP-Specific Event Notification as described in RFC-3265 is the ability to request asynchronous notification of events. "This proves useful in many types of SIP services for which cooperation between end-nodes is required. Examples of such services include automatic callback services (based on terminal state events), buddy lists (based on user presence events), message waiting indications (based on mailbox state change events), and PINT (PSTN-Internet Internetworking) (based on call state events). The general concept is that entities in the network can subscribe to resource or call state for various resources or calls in the network, and those entities (or entities acting on their behalf) can send notifications when those states change."
The following is an example of a type of attack based on SIP-Specific Event Notification. The animated tutorial can be found at
http://blog.tmcnet.com/cross-talk/
A hacker sends "Messages-Waiting: yes" messages to all phones in a SIP network. Each phone processes this NOTIFY status message and turns on its icon/blinking Message Waiting display. Users then try to access the voicemail system, leading to system overload. Since no new voice messages are found, users place support calls, wasting time on an unfounded problem.
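On the defensive side, RFC 3265 ties every NOTIFY to a subscription, so a message-waiting NOTIFY that matches no subscription the phone opened, or that comes from a host other than the voicemail server or proxy, can be flagged. The sketch below is an added example, not part of the original post: the host names, IP addresses, Call-IDs and fan-out threshold are constructed assumptions.

```python
from collections import defaultdict

def parse_sip(raw):
    """Return (start line, headers keyed by lower-case name, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    start, *lines = head.split("\n")
    headers = {n.strip().lower(): v.strip()
               for n, _, v in (l.partition(":") for l in lines)}
    return start, headers, body

def is_mwi_notify(start, headers, body):
    """True for a NOTIFY whose message-summary body says mail is waiting."""
    event = headers.get("event", "").split(";")[0].strip().lower()
    if not start.upper().startswith("NOTIFY ") or event != "message-summary":
        return False
    fields = dict(l.lower().replace(" ", "").split(":", 1)
                  for l in body.split("\n") if ":" in l)
    return fields.get("messages-waiting") == "yes"

def find_suspicious(packets, subscriptions, trusted, fanout_limit=3):
    """packets: (source IP, raw SIP) pairs; subscriptions: known Call-IDs."""
    alerts, targets = [], defaultdict(set)
    for src, raw in packets:
        start, headers, body = parse_sip(raw)
        if not is_mwi_notify(start, headers, body):
            continue
        reasons = []
        if headers.get("call-id") not in subscriptions:
            reasons.append("no matching subscription")
        if src not in trusted:
            reasons.append("untrusted source")
        if reasons:
            alerts.append((src, headers.get("to", ""), reasons))
            targets[src].add(headers.get("to", ""))
    # One source lighting the MWI lamp on many phones is the flood pattern.
    floods = sorted(s for s, t in targets.items() if len(t) >= fanout_limit)
    return alerts, floods

def sample_notify(ext, call_id):  # constructed traffic, not a real capture
    return (f"NOTIFY sip:{ext}@pbx.example SIP/2.0\r\n"
            f"To: <sip:{ext}@pbx.example>\r\nCall-ID: {call_id}\r\n"
            "Event: message-summary\r\n\r\nMessages-Waiting: yes\r\n")

SUBSCRIPTIONS, TRUSTED = {"sub-1001"}, {"192.0.2.10"}  # assumed site values
PACKETS = [("192.0.2.10", sample_notify(1001, "sub-1001"))] + [
    ("198.51.100.7", sample_notify(e, f"x-{e}")) for e in (1001, 1002, 1003)]

if __name__ == "__main__":
    print(find_suspicious(PACKETS, SUBSCRIPTIONS, TRUSTED))
```

Source addresses on UDP SIP can be spoofed, so the subscription match is the stronger of the two checks. Compact header forms (`i` for Call-ID, `o` for Event) and folded header lines are not handled here.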
The complete details and recommendations for SIP and other types of VoIP security can be found in the SIP Essentials and OCS-Office Communications Server classes. For more go to
http://www.techtionary.com
-----
Tom Cross is a technology columnist and a regular blogger for TMCnet. To read more of his articles, please visit his blog.