The SIP protocol, like HTTP, is inherently insecure. The developers of SIP did not design it with security in mind. All messages are passed in clear-text and easily captured by any packet sniffing application. The potential security risks are:
Private voice conversations can be captured and made public
Potential for unauthorized calls from the system
The ability to impersonate a caller
Disruption of voice services
Just as HTTPS was developed to address the security issues with HTTP, SIPS has been developed to address security shortcomings with SIP. SIPS utilizes Transport Layer Security (TLS). TLS provides an encrypted channel over which a system can send SIP messages. sipXecs has support for SIPS/TLS built into the system.
The problem with TLS is that all devices in the system (phones, gateways, and PBX) must support it. At this point of time, however, not all devices provide TLS support and thus it isn't widely utilized within the SIP network (LAN) environment. This is expected...