|
Security Basics
mailing list archives
Re: Looking for information regarding the use of Skype in an Enterprise network
From: rohnskii () gmail com
Date: 7 Jan 2009 21:18:46 -0000
Good idea to be heads up on the question.
At the high level, going to VoIP, ie Skype, means that you have to consider phone communications now just like any
other computer application. You need server space for it, firewall rules, the application needs to be kept patched up
to date, the server needs to be secured. And if the power goes out, don't for get that so does skype, but the POTS
(Plain Old Telephone Service) dial-tone keeps on buzzing.
Another issue I've read about but don't have a link to is the possible (US) legal requirement VoIP traffic be treated
like any other digital "document" and be archived for discovery, like emails and IM. I don't know if it is true or not.
The worst case situation is the Chineese "hack" of Skype. The redirected their citizens to an "upgraded" version of
Skype that just happens to post conversations to a server where they gov't can read them see:
http://www.nartv.org/mirror/breachingtrust.pdf
http://www.nartv.org/2008/10/01/breaching-trust-tom-skype/
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=9116099&taxonomyId=84&intsrc=it_blogwatch
- Chinese Skype spies on users, researcher says
http://blogs.computerworld.com/skype_caught_in_chinese_pr_snafu?source=NLT_AM&nlid=1 - Skype caught in Chinese PR SNAFU
Some of these links are a couple of years old, but they discuss issues to consider:
http://www.securitywatch.co.uk/2008/01/30/german-police-skype-hack-leaked/ - German Police Skype Hack leaked
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1188174,00.html -
Skype: Its dangers and how to protect against them is a 2 1/2 year old article that discusses issues with Skype.
http://searchunifiedcommunications.techtarget.com/generic/0,295582,sid186_gci1201132,00.html?track=NL-443&ad=557368&asrc=EM_NNL_392582&uid=4739563
- Executive Guide: VoIP
http://searchunifiedcommunications.techtarget.com/generic/0,295582,sid186_gci1214686,00.html?track=NL-443&ad=563905&asrc=EM_MUP_574371&uid=4739563
- Fast Guide: VoIP encryption, although as I understand it, skype is already encrypted, it doesn't hurt to keep VoIP
encryption in mind.
http://searchunifiedcommunications.techtarget.com/news/article/0,289142,sid186_gci1219828,00.html?track=NL-443&ad=566220&asrc=EM_USC_617835&uid=4739563
- Column: The myths and realities of VoIP security
http://www.hackingvoip.com/sec_tools.html - This site is support for the book "Hacking VoIP Exposed: VoIP Security
Secrets and Solutions", this page is specifically for links to tools that can be used to hack VoIP (not specific to
Skype)
http://searchunifiedcommunications.techtarget.com/news/article/0,289142,sid186_gci1235719,00.html?track=NL-443&ad=576955&asrc=EM_USC_914781&uid=4739563
- This page is a review of the book mentioned above
 By Date 
By Thread
Current thread:
|
