If you're worried about Skype creating a security problem for your network, don't, because the free VoIP service poses little danger to an enterprise network. That's a good thing, because it's just about impossible to keep Skype out of your network if end users are determined to run it.

That's the conclusion we reached after testing multiple versions of Skype for several weeks in our independent test lab.

Skype is inscrutable and mysterious. It uses indecipherable encryption. It dynamically morphs traffic characteristics. It can work through virtually any network address translation (NAT)-based firewall. Few of these operational aspects are published (see what is published in the official "Skype Guide for Network Administrators" ).

And with more than 4 million online users at any given time, one can assume that Skype has permeated many enterprise networks.

Our testing began with capturing and analyzing network traffic while downloading Skype 1.4 (the current version) and a beta version of Skype 2.0 onto various laptops and PCs sitting on public IPs and behind NAT firewalls. We then captured and analyzed Skype setups and Real-time Transport Protocol streams of VoIP calls in various environments, through numerous firewall and intrusion-prevention system (IPS) configurations, between enterprise and residential Skype endpoints, and between subnets on the same enterprise network.

We assessed the state of the encryption and security of the Skype messages and streams, looking for exposed information that could be useful to hackers and susceptible to man-in-the-middle interception and diversion tactics. We evaluated the security of Skype Instant Messaging and file transfer, along with the internetworking of Skype 1.4 and 2.0 beta. We also tracked the effect of Skype operations, in terms of CPU and memory use, on laptops.

Our testing shows that neither Skype VoIP nor Skype Instant Messaging poses any readily exploitable security threat. We also conducted a dozen private interviews with hackers, enterprise network managers and leading network-security-equipment suppliers, none of which could cite one case of Skype being exploited for insidious security assaults.

Of course, next week some vulnerability might be exploited. But as we go to press, we believe that Skype poses more worries about what isn't known than actual security concerns.

Because Skype is largely a point-to-point protocol service, the person you call, or who calls you, can infect communications to you with, say, worms or viruses. But any standard anti-virus protection on your PC or laptop should be able to spot and stop these.

Bandwidth is not a big concern either. A Skype voice call uses 33K to 46Kbps of bandwidth in each direction. This is not a lot, and is typical of an efficient WAN-oriented VoIP vocoding, such as G.729. Of course, if a few dozen internal users are concurrently running Skype calls, this could eat up a T-1's worth of bandwidth.

Whitepapers

• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Best Practices for WAN Optimization with Data Replication
• Demonstrating the Business Value of Mobile Device Management in the Enterprise
• Managing Mobility: An IT Perspective
• High Definition The Evolution of Video Conferencing
• Seeing is believing IDC White Paper

View more VOIP & CONVERGENCE whitepapers

Webcasts

• Economical Disaster Recovery through Virtualization- Thurs., July 10, 2008
• Hosted VoIP Services. Is it for you?
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand
• Webcast: Improve your network with unified Gigabit gear

View more VOIP & CONVERGENCE webcasts

Special Reports

• The Wireless Explosion

View more VOIP & CONVERGENCE special reports