As VoIP technology matures, more IT departments have made the jump to integrate VoIP into their enterprise communication systems. But, before an organization fully commits to the technology, it should perform a risk assessment, paying close attention to any security measures needed to protect these IP-based voice networks. For telephone systems where controlled access throughout the communications infrastructure isn't necessary, services that leverage machines on the public Internet could be a cost-effective choice. However, for systems where secured network control is critical, VoIP networks based on private enterprise infrastructures should be considered. This article focuses on the security measures associated with private-enterprise-based VoIP networks.