Bruno Giussani continues his examination of the vulnerabilities that Skype may introduce into corporate networks (previously discussed here). He links to an in-depth technical dissection of Skype by researchers at the European Aeronautic Defense and Space organization (EADS), which will be of interest to network administrators.
UPDATE: I missed this Wall Street Journal article from last week, which takes a broader look at corporate concerns about employees’ use of free web services like Skype:
Some companies worry the new services will overwhelm their networks with unwanted traffic. Others are primarily concerned about security or their ability to track workplace communications, especially in industries like financial services, where regular monitoring is required by regulators. Instant messages from the outside, for example, often aren’t logged and archived the way email is, creating a potential backdoor for illicit communications or breaches of client privacy.
Skype claims the fears are overblown. Says executive Michael Jackson: “Many organizations were initially scared of the Internet and email. Now there’s hardly a workplace on the planet that doesn’t have an Internet connection.” That’s a good general observation, though the fact that past fears dissipated says little about whether current fears are warranted.
French research ministry has solved the problem since almost 1 year : Skype is purely and simply prohibited in french public labs…
When the solution is as simple as this, why should we complicate ? :)
The security threats posed by Skype and other free services can be mitigated. The real question is the services’ impact on productivity, that of the employees using the services, as well as those in charge of keeping networks secure. Companies must be made fully aware of the costs on both sides of the house. Are they? I doubt it—corporate types still tend to view IT as something that happens in the basement. If they scrutinized the impact on the bottom line, they would ban all non-business uses of their IT.
Actually the risks of Skype can not be mitigated if you work in a regulated industry. There exists no means to archive Skype calls, IMs or file transfers. For once, I find myself agreeing with a French government agency…
“organisation” might be somewhat misleading for EADS. It is in fact a publicly traded company, which is best known for its wholly owned Airbus division.
http://www.eads.com