Skype version 3 network traffic is harder to detect and block than previous versions according to iPoque. iPoque specialise in software which logs, throttles back or blocks undesirable traffic for corporate networks. They have upgraded their software to detect Skype 3
There are two issues with using Skype. First security – opening holes in firewall to allow traffic always carries a risk. Not huge, but it’s there. A bigger risk is if users start transferring files or are sent links which they click. Logic says this is no worse than traditional email, you should never accept attachments or click on links if you don’t know what they are and who they’re from. Security flaws in Skype have been found in the past but it should be noted these are NOT flaws in voice, they required the user to click on a link causing a buffer overflow.
The second issue is one of network management. Sure a network administrator should be concerned with which applications are running on computers and traffic consuming bandwidth. What seems to have been missed is that security doesn’t start with blocking traffic at the firewall level! Security should start with barring users from installing unauthorised applications in the first place. All the way back to Windows NT user profiles have been available. User profiles deliver the applications a user needs, and can vary by log on so that different users get different applications tailored to their profile. This means users have the applications they need to carry out their job, but nothing else. Additionally companies should have security policies which are reflected in employee contracts making it a sackable offence to install unauthorised software.
In summary ANY application communicating to the Internet poses a risk – they all open ports (holes) in your firewall. The biggest risk with skype isn’t with voice – it’s with file transfer and URL’s in chat windows. Companies like iPoque are trying to plug holes which, with good network management and security profiles, shouldn’t be an issue in the first place.
It should be noted that there is a Business Version of Skype with a Network Managers Guide to deliver versions tailored to a companies specific requirements. Network administrators can configure which parts of Skype users can use including for example blocking chat and restricting the ability to add users to the address book. Users should NOT be installing the standard version, they shouldn’t be able to install ANY applications.