Skype - a security risk?

Discussion in 'Computer Security' started by Chris Webster, Sep 4, 2005.

  1. Hi,

    Is installing and running Skype from workstations in a corporate network
    considered a security risk for the network, servers and workstations?

    Of course I mean using Skype binaries downloaded directly from www.skype.com

    Thanks for comments on this issue

    regards

    Chris
     
    Chris Webster, Sep 4, 2005
    #1
    1. Advertisements

  2. Chris Webster

    Imhotep Guest

    I have not heard of any security issues with Skype. I would check out some
    of the vulnerability databases out there to see if there are any known
    issues. Also, you did not specify what OS you are talking about...

    Im
     
    Imhotep, Sep 5, 2005
    #2
    1. Advertisements

  3. Chris Webster

    hatschi Guest

    Good question.

    At least nobody knows what skype is doing. They use a protocol, which is
    proprietary and kept secret. However, Skype uses a mechanism, which
    allows the software to get through any firewall by using the https port.

    The guys from skype were the formerly kazaa people. That prog had a bad
    reputation by installing spyware on your pc. I dont think they would do
    that kind of buisness now, because they want to spread skype and earn
    money with in- and outgoing calls to pstn.

    At least, my company decided not to install Skype. But we have a very
    restrictive policy.

    At least, I would feel uncomfortable to use a software and not knowing
    what it is doing in a sensitive enviroment.

    Regards
    hatschi
     
    hatschi, Sep 5, 2005
    #3
  4. Chris Webster

    Imhotep Guest

    You have good comments but, think about this. With any commercial software
    do you really know whats "under the hood"? How many commercial software
    vendors use proprietary protocols? Maybe 85%?

    Just a thought,
    -- Imhotep
     
    Imhotep, Sep 5, 2005
    #4
  5. Chris Webster

    hatschi Guest

    Yes you are definetly right, but when you are using SIP or any other
    protocol a sniffer can decode you can see what is going on. At least an
    open source software would be the best decision from that point of view.

    The other thing is how much you trust a company or how much knowledge
    you have about their security issues. Actually Cisco seems to have a big
    problem to get their stuff hardend.

    If I have the choice between Skype, or for instance a SIP thing, I would
    choose the last one. But that means a lot of work and sometimes a pain
    in the ... Skype is a wonderful out of the box experience.

    Greetings
    hatschi
     
    hatschi, Sep 5, 2005
    #5
  6. Chris Webster

    Gerard Bok Guest

    Gerard Bok, Sep 5, 2005
    #6
  7. The usual dilemma in corporate IT: The security guys want to encrypt
    all traffic to protect the company from corporate espionage, but
    Management will never agree to that because you wouldn't be able to
    check for security leaks anymore...

    Juergen Nieveler
     
    Juergen Nieveler, Sep 5, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.