Abstract Within the traditional telephone system a certain level of quality and security has been established over the years. If we try to use IP Telephony systems as a core part of our future communication infrastructure (e.g. as classical PBX enhancement or replacement) continuous high availability, stable and error-free operation and the protection of the privacy of the spoken word are challenges, that definitely have to be met. Since manufacturers start deploying new end systems and infrastructure components rather fast now - a critical inspection of their security features and vulnerabilities is mandatory. The critical presentation of the theoretical background of certain vulnerabilities, testing and attacking tools and the evaluation results reveals, that well-known security flaws become part of implementations in the new application area again and the security level of a number of examined solutions is rather insufficient.