First off, Laura is great! Gerald is great! Wireshark is great! I've been digging into how Wireshark can help me detect security problems on my corporate network. I hear lots of talk about how bad Skype is and how nobody should allow it on their network. But I can't seem to find anything that clearly shows why it is bad. How can I use Wireshark to plainly show why Skype should be banned from my network? I'm fighting an uphill battle because of the potential cost savings for employees traveling, especially internationally. Any help would be greatly appreciated. asked 05 Nov '10, 12:46 Network Dude |
3 Answers:
http://blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf This one gives a more deep technical analysis of Skype, and is the base of why I don't trust Skype. To quote the summary:
And ask yourself: Can I really trust an application which does try so hard to limit me in figuring out what is going on? Can I trust an application which IDS's struggles to control? Can I trust a complete blackbox application, where it can't be verified that there are no security issues or a backdoor? answered 04 Feb '11, 14:53 dazo |
A little googling:
Of course it is not all bad, Skype does work pretty well, you just have to decide for your company if the pros outweigh the cons and consider alternatives. Every company will have to do their own calculation. answered 06 Nov '10, 03:38 SYN-bit ♦♦ |
Without reading those articles and just basing this on customer networks... Many companies do not want Skype on their network because of bandwidth issues, use of personal time issues and security issues. I use Skype as a business tool in my office, but I certainly wouldn't deploy it for everyone to use here. Like Sake said, it's a business decision. Have some fun and analyze some Skype traffic in a test environment! answered 06 Nov '10, 19:50 lchappell ♦ |
I can't speak to skype itself. But to me the answer would be to use some other VOIP protocol within your network. Use scype as a network transport outside your own network, convert at the DMZ, transport it via VPN to your phone room, unpackage it there, and inject into your PBX. Remember too that the phone system itself is a black box; that a lot of the switching box's hardware is not exactly bullet proof. And the cost of phone calls compared to the other costs of having an employee traveling is peanuts.