Security

Security on any VoIP network is of considerable importance, given the forensic importance of a phone call. On a conventional VoIP network, as well as on a traditional telephone network, the following information is logged:

• The phone number that was dialed

• When the number was dialed

• When the call was connected

• The duration of the call

• When the call was disconnected

Skype does log some of the preceding information, but only the last 10 records, and a history is not kept as you might see in other VoIP solutions. This raises legal questions if business is conducted over a Skype connection. You need to decide what your security policy is on and whether logging call information is required. Some situations may require logging; others may not. Unauthorized use of Skype on a network can bring the following problems to the network administrator:

• Skype file transfers can cut both ways: unauthorized flow of company data out or the download of files that could be compromised with worms, viruses, and the like that have bypassed your firewalls and scanners.

• Skype file transfers will be caught by an antivirus solution that has an auto-protect capability.

• Skype users could consume a considerable amount of bandwidth if unchecked on the network. A large company with a T3 would not notice it right away, but a smaller company with a single T1 or a slower DSL circuit could easily have its WAN link overloaded by excessive VoIP...