Call To Ban Skype!
Written by Adam Gosling
Wednesday, 09 November 2005
A major industry research organisation has recommended companies either find a way to secure Skype or ban its use.
The respected Info-Tech Research Group has released a report entitled “Five Reasons To Ban Skype”, claiming that the popular VoIP technology is just too insecure for business use.
Info-Tech estimates that one-third of Skype's 53 million registered users are business users, and says that enterprises should put the application in the same category as Instant Messaging and other peer-to-peer apps. If they ban those, they should ban Skype, says the research company.
The dangers the report attributes to Skype are:
1. It’s too firewall-friendly. Skype's proprietary closed-source VoIP protocol - which does not employ accepted VoIP standards like H.323 and Session Initiation Protocol (SIP) - allows it to traverse corporate firewalls and symmetric NATs. An unknown and unsanctioned VoIP protocol freely roaming the network - without IT's approval or assessment - poses an unacceptable transgression of IT's authority over the corporate network and computing resources.
2. It has too many vulnerabilities. Buffer overflow vulnerabilities are known to exist in Skype. And since Skype travels the network as data packets, conversations are prone to capture. Problems also exist with Skype's encryption format: first, it doesn’t prevent a man-in-the-middle attack, and second, if it becomes infected with a worm (which it one day will), the worm could hide in the encryption during transmission, undetected by anti-virus software. Because the encryption is closed source, there are some unanswered questions about how well the keys are managed. Finally, Skype recently announced that all of its VoIP clients – including Windows, Linux, Mac OS X, and Pocket PC – suffer from bugs that leave PCs prone to crashes and open computers to takeover by a hacker.
3. It poses a communication barrier with other countries or institutions. Countries like China and Oman have banned Skype already, as has the rest of the United Arab Emirates. Many post-secondary institutions in North America have banned Skype as well, in addition to most other P2P and file sharing applications.
4. It violates established legal requirements. For example, securities brokers operate under a mandatory requirement to record and track all telephone calls. Unsanctioned usage of an application like Skype would put a brokerage at severe risk of prosecution if caught using telephony that is undetectable, untraceable, and unauditable.
5. It's one more type of communication to secure, monitor, store, and archive. Enterprises are already struggling with records retention rules imposed by HIPAA, Sarbanes-Oxley, and other laws. In addition, the question of whether VoIP calls constitute a business record or not is a legal quagmire in and of itself. Throwing Skype into the communications mix will only further cloud the issue.