Skype Blocker Works But Needs Plenty Of Grunt
Written by Adam Gosling
Monday, 28 August 2006
French software company, Lynanda Computer Services, has come
up with a new methodology to detect and block Skype traffic as a way to better
secure corporate networks.
The company, which has its roots in developing software for
banks, insurance companies and large government organisations, has developed
the Skype blocker in response to widely held concerns that the peer to peer VoIP
softphone client is an unchecked security threat to corporate networks.
Although Skype has made some progress toward assuaging the
concerns of security administrators, the proprietary "black box" nature of the
application and its specific design to avoid the very security measures enterprise
IT departments employ to secure their networks continue to be a concern for some
sectors of the industry.
Skype uses a peer-to-peer technology and several obfuscation
techniques, making it challenging for network operators to identify associated traffic.
The application encrypts data transmitted over the Internet between peers and
is particularly gifted when it comes to circumventing security limitations,
explains Lynanda.
So in response the company has come up with a solution to
identify Skype's traffic as it passes across the network. Rather than using
traditional firewall techniques (which Skype's proprietary protocol is designed
to thwart), the Lynanda solution uses statistical data-mining techniques.
It is a two-step process, explains the company. First, the
firewall is exposed to its target environment to "learn" the particularities of
Skype's traffic. Then, it uses the information collected together with
pattern-matching techniques to actually identify Skype's related traffic.
Various technologies like neural networks, distributed
statistical calculus, and pattern recognition through machine learning are
involved in the methodology developed by Lynanda.
These techniques are very similar to the ones currently used
in financial statistics to discover regularities and typical patterns in
apparently chaotic data like stock quotes.
The originality of the method is that it not only looks at
the content of the network packets exchanged, it also pays attention to the
timing at which they are sent and received. Given all this data, it is quite
easy to get a footprint of the Skype application and drop its related traffic,
says Lynanda.
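
The two-step idea described above (learn a footprint from known traffic, then match new flows on both content and timing), as a simplified added example that is not Lynanda's code or method. A per-feature mean/spread profile stands in for the neural-network and data-mining techniques the article mentions; the feature set, the thresholds and the synthetic flows are assumptions constructed for illustration.

```python
import hashlib, math, statistics
from collections import Counter

def features(flow):
    """flow: list of (timestamp_seconds, payload_bytes) -> content and timing features."""
    data = b"".join(p for _, p in flow)
    times = [t for t, _ in flow]
    gaps = [b - a for a, b in zip(times, times[1:])]
    entropy = -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())
    return [entropy,                                   # content: bits per payload byte
            statistics.mean(len(p) for _, p in flow),  # content: mean payload size
            statistics.mean(gaps),                     # timing: mean inter-arrival gap
            statistics.pstdev(gaps)]                   # timing: jitter

def learn(flows):
    """Step 1: footprint = (mean, spread) per feature over flows known to be the target."""
    cols = zip(*(features(f) for f in flows))
    # Assumption: spread is floored at 10% of the mean so a small sample does not overfit.
    return [(statistics.mean(c), max(statistics.pstdev(c), 0.1 * abs(statistics.mean(c)), 1e-9))
            for c in cols]

def matches(flow, footprint, limit=3.0):
    """Step 2: flag a flow only if every feature is within `limit` spreads of the footprint."""
    return all(abs(x - m) / s <= limit for x, (m, s) in zip(features(flow), footprint))

def synth(seed, voice_timing, encrypted, n=60):
    """Constructed sample flow (not captured traffic): steady small packets vs. bursty bulk."""
    flow, t = [], 0.0
    for i in range(n):
        r = hashlib.shake_256(f"{seed}-{i}".encode()).digest(1300)  # deterministic bytes
        t += 0.020 + (r[0] % 5) / 1000 if voice_timing else (0.002 if i % 10 else 0.8)
        size = 60 + r[1] % 20 if voice_timing else 1200
        body = r[2:2 + size] if encrypted else (b"GET /index.html HTTP/1.1\r\n" * 50)[:size]
        flow.append((t, body))
    return flow

if __name__ == "__main__":
    fp = learn([synth(s, True, True) for s in range(5)])
    for vt, enc in [(True, True), (True, False), (False, True), (False, False)]:
        print(f"voice_timing={vt} encrypted={enc} flagged={matches(synth(99, vt, enc), fp)}")
```

Only the flow that resembles the learned footprint in both payload and timing is flagged; a flow that matches on one dimension alone is not.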
According to a statement released by the company, its experiments
show the filter was able to detect and block a Skype call less than 30s after
it started, making it a reasonably efficient Skype blocker.
The number of false positives was very low, though it is
expected to rise in more complex environments like large corporate networks,
especially under heavy network load. The solution appears to be fully scalable
and doesn't require much human intervention or monitoring.
Though this filtering technology needs financial and
technical commitment, according to Ivan Chollet, Solution Architect at Lynanda, it
could be incorporated into large organizations' networks very soon.
"The only drawback of this technology is its computational
expensiveness. In fact one challenge facing traffic-signature techniques on
telecom networks is the high speed at which such pattern matching algorithms
must be executed," says Chollet.
"Therefore, this filtering solution involves massively
parallel computational capabilities as well as expensive database clusters.
However, as these technologies are becoming increasingly affordable, we might
see in the near future a large number of small to medium-sized companies using
it."