Abstract
In recent years the Session Initiation Protocol (SIP) has become a common choice for voice communication services because it is a cost-effective solution and offers multiple features. Unfortunately, security is not one of them by default. In general, SIP-based solutions implemented in companies or offered as services on the internet do not provide any kind of privacy or confidentiality. Most companies that use SIP systems rely on the protection offered by a firewall between the LAN and the WAN. Some probably view this as a good compromise. However, given that a good percentage of the attacks on IT systems come from inside the LAN, it becomes obvious that the firewall alone is not enough, and in this case not only the IT services are affected but also the voice communications system. Because SIP is a text-based protocol similar to HTTP, an attacker can find out not only information such as the IP addresses of the phones and of the SIP system, but also when, with whom, for how long, and about what someone has talked on the phone.