VoIP Security – Skype's Noncommittal Response
The Many Facets of VoIP Security
Security means many things to different people. For some, it might imply safety from unauthorized access to the network. For others, it might mean having solid defenses against DDoS attacks. For many however security in the context of a VoIP system means protection from eavesdroppers. Businesses that migrate to VoIP from the traditional PSTN system have every incentive to protect their trade secrets and to ensure that critical communications don't lose their integrity. We have already seen that the SIP protocol incorporates quite a few security mechanisms to ensure that private conversations remain private. Not all VoIP providers however use SIP – and even those that do, don't necessarily implement all the security features that are available. Take for example the SRTP protocol that is a secure alternative to the RTP protocol frequently used in VoIP. Certain SIP providers support it, and many don't.
What does it mean however when one of the most popular VoIP applications of the planet, namely Skype, refuses to answer a question as to whether or not it is eavesdropping on their users calls? The concern is legitimate specially because Skype had recently applied and obtained a patent for monitoring user communications on its network. When the spokesperson was recently asked whether or not they actually did this, they refused to answer the question. Such responses do not provide the kind of confidence that consumers and businesses require.
Alternatives to Skype
VoIP security is not something to be taken lightly. Fortunately, there are many alternatives to Skype and many providers would gladly provide you with the security you desire. If you stay in Los Angeles for example, there are many Los Angeles VoIP providers will provide you with the necessary business security.
An SIP VoIP stream is divided into two parts. The signaling protocol sets up and tears down the call. It determines what ports are going to be used for the actual media communication which will use the RTP or the SRTP protocol. At least we know exactly what happens in SIP VoIP calls. Skype however uses a proprietary protocol and we're not exactly sure how it works. Businesses prefer to use technologies that are made up of open standards so that they can be researched and evaluated for potential weaknesses. There are no "back doors" that can be built into the system if everything is open.
This is one of the reasons why SIP is preferable to Skype. You wouldn't want any critical business communications to go over someone else's network without you knowing exactly what measures are taken to secure it.