This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

First off, Laura is great! Gerald is great! Wireshark is great!

I've been digging into how Wireshark can help me detect security problems on my corporate network. I hear lots of talk about how bad Skype is and how nobody should allow it on their network. But I can't seem to find anything that clearly shows why it is bad. How can I use Wireshark to plainly show why Skype should be banned from my network? I'm fighting an uphill battle because of the potential cost savings for employees traveling, especially internationally. Any help would be greatly appreciated.

asked 05 Nov '10, 12:46

Network%20Dude's gravatar image

Network Dude
1222
accept rate: 0%

I can't speak to skype itself. But to me the answer would be to use some other VOIP protocol within your network. Use scype as a network transport outside your own network, convert at the DMZ, transport it via VPN to your phone room, unpackage it there, and inject into your PBX. Remember too that the phone system itself is a black box; that a lot of the switching box's hardware is not exactly bullet proof. And the cost of phone calls compared to the other costs of having an employee traveling is peanuts.

(13 Feb '11, 07:27) SGBotsford

http://blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf

This one gives a more deep technical analysis of Skype, and is the base of why I don't trust Skype. To quote the summary:

  • Good points
    • Skype was made by clever people
    • Good use of cryptograph
  • Bad points

    • Hard to enforce a security policy with Skype
    • Jams traffic, can’t be distinguished from data exfiltration
    • Incompatible with traffic monitoring, IDS
    • Impossible to protect from attacks (which would be obfuscated)
    • Total blackbox. Lack of transparency.
    • No way to know if there is/will be a backdoor
    • Fully trusts anyone who speaks Skype.

And ask yourself: Can I really trust an application which does try so hard to limit me in figuring out what is going on? Can I trust an application which IDS's struggles to control? Can I trust a complete blackbox application, where it can't be verified that there are no security issues or a backdoor?

permanent link

answered 04 Feb '11, 14:53

dazo's gravatar image

dazo
312
accept rate: 0%

A little googling:

Of course it is not all bad, Skype does work pretty well, you just have to decide for your company if the pros outweigh the cons and consider alternatives. Every company will have to do their own calculation.

permanent link

answered 06 Nov '10, 03:38

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Without reading those articles and just basing this on customer networks...

Many companies do not want Skype on their network because of bandwidth issues, use of personal time issues and security issues.

I use Skype as a business tool in my office, but I certainly wouldn't deploy it for everyone to use here. Like Sake said, it's a business decision. Have some fun and analyze some Skype traffic in a test environment!

permanent link

answered 06 Nov '10, 19:50

lchappell's gravatar image

lchappell ♦
1.2k2730
accept rate: 8%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×36
×11

question asked: 05 Nov '10, 12:46

question was seen: 5,220 times

last updated: 13 Feb '11, 07:27

p​o​w​e​r​e​d by O​S​Q​A