Secure call recording system for IP telephony

The invention claimed is: 1. A communication system having a call controller for effecting call control between a plurality of endpoints coupled to a plurality of local area networks, and a call recorder for archiving voice calls between said endpoints, said communication system including a packet storage element for storing selected voice packets within voice streams for calls to be recorded, a recording decision element for identifying said selected voice packets, a connection capture element for detecting initiation and removal of voice calls between said endpoints, and a voice sensing element for extracting copies of said selected voice packets and supplying them to said packet storage element, the communication system further comprising: means for proxying the call controller to the end points and the end points to the call controller thereby transforming respective connections between the call controller and end points into respective pairs of terminated connections, selecting and mirroring predetermined active voice streams to be recorded, and securely forwarding the mirrored voice streams to said packet storage element for archiving, wherein the means validates a registration request from the call recorder to establish a secure connection between the means and the call recorder and responds to the registration request with a message indicating a status of connected endpoints of the plurality of endpoints, wherein during a runtime, the call recorder requests or releases taps on the endpoints, wherein the means establishes a security policy with the call recorder, wherein the step of securely forwarding is based on the security policy, wherein the means receives control messages between the call controller and the endpoints and extracts and inserts internet protocol (IP) addresses and ports from and onto the control messages, wherein the means provides the endpoints with an IP address and a port on the means that serves as corresponding IP addresses and ports for the call controller, wherein the means provides the call controller with the IP address and the port for each endpoint, wherein the means stores a table that associates IP addresses and ports of the end points with IP addresses and ports of the end points supplied to the call controller, and wherein the means relays control messages to and from the call controller and the endpoints. 2. The communication system of claim 1 , wherein said means is a router. 3. The communication system of claim 1 , wherein said means is a layer-2 switch. 4. The communication system of claim 1 , wherein said means is a Network Address Translator. 5. The communication system of claim 1 , wherein said means is a firewall. 6. The communication system of claim 1 , wherein said means is a dedicated server. 7. The communication system of claim 1 , wherein said connection capture element is incorporated within said endpoints. 8. The communication system of claim 1 , wherein said recording decision element is incorporated within said endpoints. 9. The communication system of claim 1 , wherein said voice sensing element is incorporated within said means. 10. The communication system of claim 1 , wherein said voice sensing element is incorporated within said call controller. 11. The communication system of claim 1 , wherein said voice sensing element is incorporated within said endpoints. 12. The communication system of claim 1 , wherein said connection capture element is incorporated within said means. 13. The communication system of claim 1 , wherein said connection capture element is incorporated within said call controller. 14. The communication system of claim 1 , wherein said packet storage element is incorporated within said means. 15. The communication system of claim 1 , wherein said packet storage element is incorporated within said endpoints. 16. The communication system of claim 1 , wherein said packet storage element is incorporated within said call controller. 17. A system for recording voice calls, comprising: a plurality of endpoints coupled to a plurality of local area networks; a call controller for establishing call connections for exchanging voice streams between said endpoints; a storage element; and a middlebox for proxying the call controller to the end points and the end points to the call controller thereby transforming respective connections between the call controller and end points into respective pairs of terminated connections, selecting and mirroring predetermined active ones of said voice streams to be recorded, and securely forwarding the mirrored voice streams to said storage element for archiving, wherein the middlebox validates a registration request from the storage element to establish a secure connection between the middlebox and the storage element and responds to the registration request with a message indicating a status of connected endpoints of the plurality of endpoints, wherein during a runtime, the storage element requests or releases taps on the endpoints, wherein the middlebox establishes a security policy with the storage element, wherein the step of securely forwarding is based on the security policy, wherein the middlebox receives control messages between the call controller and the endpoints and extracts and inserts internet protocol (IP) addresses and ports from and onto the control messages, wherein the middlebox provides the endpoints with an IP address and a port on the middlebox that serves as corresponding IP addresses and ports for the call controller, wherein the middlebox provides the call controller with the IP address and the port for each endpoint, wherein the middlebox stores a table that associates IP addresses and ports of the end points with IP addresses and ports of the end points supplied to the call controller, and wherein the middlebox relays control messages to and from the call controller and the endpoints. 18. A method of operating a middlebox for recording calls in a communication system having a call controller for effecting call control between a plurality of endpoints coupled to a plurality of local area networks, the method comprising: proxying the call controller to the end points and the end points to the call controller for transforming respective connections between the call controller and end points into respective pairs of terminated connections; selecting and mirroring predetermined active voice streams to be recorded; intercepting packets from each of the endpoints; decrypting the packets; re-encrypting the packets according to a security policy established between the middlebox and a call recorder, securely forwarding the mirrored voice streams comprising the packets to a call recording peripheral for archiving; validating a registration request from the call recorder to establish a secure connection between the middlebox and the call recorder; and responding, using the middlebox, to the registration request with a message indicating a status of connected endpoints of the plurality of endpoints, wherein during a runtime, the call recorder requests or releases taps on the endpoints, wherein the middlebox receives control messages between the call controller and the endpoints and extracts and inserts internet protocol (IP) addresses and ports from and onto the control messages, wherein the middlebox provides the endpoints with an IP address and a port on the middlebox that serves as corresponding IP addresses and ports for the call controller, wherein the middlebox provides the call controller wit