The launch of the new VOIP security courses comes as the number of VOIP hacking incidents, most notably in the US, has been rising steadily, Infosecurity notes.
According to the institute, the six-day course of IT security professionals has been something of a success since it was launched in the US last year.
In fact, says the institute, since the course was first advertised earlier this month to existing clients, the Europe course is already at 50% capacity.
Paul Henry, a SANS trainer and a veteran security forensics specialist, says that VOIP is a rapidly growing area due to the huge cost saving potential, but many organisations often fail to consider the security impact.
Henry points to examples such as arrests made in Budapest and London last year of 30 members of an organised criminal gang that allegedly stole €11 million through VOIP toll fraud.
The gang, he says, used thousands of stolen VOIP account details to make 1.5 million calls to premium rate numbers that, in turn, paid the gang a percentage of the inflated call charges.
Other cases, he adds, such as Edwin Andres Pena, who was sentenced to 10 years in jail in a US Federal Court for stealing and reselling VOIP call credits, are part of a growing trend.
"The automated billing mechanisms of VOIP services using direct debit or credit cards make these prized targets for criminals who often have difficulty selling stolen data", he explained.
According to Henry, the problem is not just the theft of calling credits. As data and voice coexist on the same networks, criminals use weaknesses in one area to gain access to the other.
"The information gained from hacking into sensitive voice conversations can be used for insider trading or corporate espionage", he said, adding that very few organisations encrypt their VOIP traffic when it is sent over shared networks.
"The widely held assumption that VOIP traffic is difficult to intercept is plainly wrong", he went on to say, pointing to the growing number of free tools that can capture SIP-based voice calls and turn them into audio files with minimal access to a shared IP network.
The SEC540 course that Henry will teach at SANS Europe is billed as providing VOIP security best practices and technologies, in order to design, deploy, and audit trusted VOIP infrastructures.
According to the institute, the intensive course offers a detailed in-class analysis of infrastructure, signalling, and media attacks, exposing the security risks of VOIP networks for service providers, carriers, and enterprises.