Saturday 16 December 2006

Skype security problem yes or no?

Skype version 3 network traffic is harder to detect and block than that of previous versions, according to iPoque. iPoque specialise in software which logs, throttles back or blocks undesirable traffic for corporate networks. They have upgraded their software to detect Skype 3.

There are two issues with using Skype. The first is security: opening holes in a firewall to allow traffic always carries a risk. Not huge, but it's there. A bigger risk is if users start transferring files or are sent links which they click. Logic says this is no worse than traditional email: you should never accept attachments or click on links if you don't know what they are and who they're from. Security flaws in Skype have been found in the past, but it should be noted these are NOT flaws in voice; they required the user to click on a link, causing a buffer overflow.

The second issue is one of network management. Sure, a network administrator should be concerned with which applications are running on computers and which traffic is consuming bandwidth. What seems to have been missed is that security doesn't start with blocking traffic at the firewall level! Security should start with barring users from installing unauthorised applications in the first place. User profiles have been available all the way back to Windows NT. User profiles deliver the applications a user needs, and can vary by log on so that different users get different applications tailored to their profile. This means users have the applications they need to carry out their job, but nothing else. Additionally, companies should have security policies which are reflected in employee contracts, making it a sackable offence to install unauthorised software.

In summary, ANY application communicating with the Internet poses a risk: they all open ports (holes) in your firewall. The biggest risk with Skype isn't with voice; it's with file transfer and URLs in chat windows. Companies like iPoque are trying to plug holes which, with good network management and security profiles, shouldn't be an issue in the first place.

It should be noted that there is a Business Version of Skype with a Network Managers Guide to deliver versions tailored to a company's specific requirements. Network administrators can configure which parts of Skype users can use, including, for example, blocking chat and restricting the ability to add users to the address book. Users should NOT be installing the standard version; they shouldn't be able to install ANY applications.


2 Comments:

Anonymous said...

You know what's going to happen, right? eBay likes to hire the techs who are hot on everything tech, but eBay doesn't believe in education for its members. They want to roll it out and you go fetch and use it. Skype is a Peer-to-Peer network and Skype creators are the same guys who brought us Kazaa. When you start using a P2P you risk the chance that you can inadvertently share your passwords, email addresses and other private data. That's just from those who may not understand just how much access you are giving out when you allow them behind your firewall. eBay's not going to train people to be better internet users, they want people to get exploited so that will be the excuse... USER ERROR and that will camouflage the security exploits that can happen when you are using any type of system like this. I'll use Skype, on my crap computer. People should expect it to be a security issue. What do you expect from a company that can't even get their traffic counters to work! ha!

17 December 2006 at 02:04:00 GMT  
Anonymous said...

The Group Policies documented in the Skype Network Administrators Guide also apply to "standard" Skype; it does not matter whether users install the "standard" version or not.

The so-called "Business Version of Skype" is just different packaging: mainly an MSI installer, and it does not include some consumer-oriented add-ons, like Extras Manager.

20 December 2006 at 19:03:00 GMT  
