SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community

TMC NEWS

TMCNET eNEWSLETTER SIGNUP

Analyst: Skype Poses Risk, Should Be Banned in Enterprise
[November 10, 2005]

Analyst: Skype Poses Risk, Should Be Banned in Enterprise


By ROBERT LIU
TMCnet Wireless and Technology Columnist
 
Skype, the pioneering peer-to-peer Voice over Internet Protocol (VoIP) phone service, poses a serious security threat to millions of corporate enterprises and should in fact be banned, new research from technology industry analyst firm Info-Tech Research Group showed.


 
Because Skype is based on proprietary technology and operates using a peer-to-peer model, companies should ban the use of the softphone client just as they do with instant message and other file-sharing applications, says Info-Tech analyst Ross Armstrong. The London, Ontario-based research firm estimates that out of the total 61 million registered users, approximately 17 million Skype users are using the application for business purposes.

 
“That’s 17 million opportunities for a hacker to invade a corporate network,” Armstrong said in a press statement released Thursday.
 
Security issues surrounding Skype usage certainly aren’t new and have been well documented in the past. Last month, Secunia, a well-known Danish computer security company, issued a highly critical advisory warning network administrators everywhere that overflow buffers could remotely be used to launch a distributed denial-of-service attack.
 
Part of the problem stems from the fact that Skype’s proprietary technology masks Real-Time Transport Protocol (RTP) signaling into a series of HyperText Transfer Protocol (HTTP) signaling that call for the media to run through the very common Port 80, explained Russell Bennett, program manager of Microsoft’s Real Time Collaboration Group. As such, the client doesn’t treat Skype traffic much differently from repeated barrage of Web pages. Today, Microsoft and Cisco announced their own methodology for dealing with corporate firewalls.
 
Representatives from Skype Technologies SA, which was recently acquired by eBay, had no immediate comment.
 
In Info-Tech’s research note, Armstrong outlined at least five reasons for an enterprise to ban Skype in a corporate environment:
  • Skype is not standards-compliant, allowing it and any vulnerability to pass through corporate firewalls.
  • Skype’s encryption is closed source and prone to man-in-the-middle attacks. There are also some unanswered questions about how well the keys are managed.
  • Enterprises using Skype risk a communication barrier with countries and institutions that have already banned the service.
  • Skype is undetectable, untraceable, and unauditable, putting organizations that are subject to compliance laws at risk.
  • The question of whether VoIP calls constitute a business record is a legal quagmire. Throwing Skype into the communications mix further clouds the issue.
 
“The bottom line is that even a mediocre hacker could take advantage of a Skype vulnerability. If you are going to use Skype within enterprise, manage it as you would any other IT service: with policy and diligence,” Armstrong added.
 
----
 
Robert Liu is Executive Editor at TMCnet. Previously, he was Executive Editor at Jupitermedia and has also written for CNN, A&E, Dow Jones and Bloomberg. For more articles, please visit Robert Liu's columnist page.

[ Back To TMCnet.com's Homepage ]







Technology Marketing Corporation

35 Nutmeg Drive Suite 340, Trumbull, Connecticut 06611 USA
Ph: 800-243-6002, 203-852-6800
Fx: 203-866-3326

General comments: tmc@tmcnet.com.
Comments about this site: webmaster@tmcnet.com.

STAY CURRENT YOUR WAY

© 2018 Technology Marketing Corporation. All rights reserved | Privacy Policy