To make a simple call, it's almost as if Skype sets up 10-plus proxy servers to make its own virtual telephone network. Is it safe to have that many connections?
A telephone company or VoIP provider uses its own centralized servers, and the company is then responsible for keeping the servers up and running. To keep a connection alive, it's sufficient to establish a single connection to the business-managed server.
Skype, however, is a peer-to-peer service that uses a distributed network of "supernodes" to facilitate communication throughout the world.
Skype's supernodes are simply other Skype users that have public IP addresses. When they connect to Skype, the network chooses them to be a supernode and then takes advantage of their bandwidth and computing resources to serve other Skype users. This "volunteerism" is allowed under the terms of the Skype user agreement. Using volunteer systems introduces reliability concerns. The owner of such a system may turn it off or disconnect it from the network at any time. Therefore, you may need to connect to more than one supernode to facilitate your communication. There's also the possibility that your system has been "volunteered" as a supernode, an action that could cause your system to begin routing calls for other Skype users on the Internet.
I've loaded my response with "maybes" and "possibilities" because Skype is a proprietary, closed-source tool, and its creators do not publish the technical details of their protocol. This is one of my biggest problems with Skype; I simply don't like the idea of accepting an agreement that allows someone else to use my computer, but does not disclose the precise details of what's happening. For a detailed look at the potential security risks that applications like Skype pose to both the client and the enterprise, I recommend reading my tip, Skype: Its dangers and how to protect against them.
- Learn what the recent Skype outage revealed about VoIP security.
- Check out SearchSecurity.com's VoIP Security Learning Guide.
Dig deeper on Network Device Management
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.