Voice over Internet protocol (VoIP) has become a popular alternative to traditional public-switched telephone network (PSTN) networks that provides advantages of low cost and flexible advanced ldquodigitalrdquo features. The flexibility of the VoIP system and the convergence of voice and data networks brings with it additional security risks. These are in addition to the common security concerns faced by the underlying IP data network facilities that a VoIP system relies on. The result being that the VoIP network further complicates the security assurance mission faced by enterprises employing this technology. It is time to document various security issues that a VoIP infrastructure may face and analyze the challenges and solutions that may guide future research and development efforts. In this paper, we examine and investigate the concerns and requirements of VoIP security. After a thorough review of security issues and defense mechanisms, we focus on attacks and countermeasures unique to VoIP systems that are essential for current and future VoIP implantations. Then, we analyze two popular industry best practices for securing VoIP networks and conclude this paper with further discussion on future research directions. This paper aims to direct future research efforts and to offer helpful guidelines for practitioners.