Home page logo
/

basics logo Security Basics mailing list archives

Re: Looking for information regarding the use of Skype in an Enterprise network
From: rohnskii () gmail com
Date: 7 Jan 2009 21:18:46 -0000

Good idea to be heads up on the question.

At the high level, going to VoIP, ie Skype, means that you have to consider phone communications now just like any 
other computer application.  You need server space for it, firewall rules, the application needs to be kept patched up 
to date, the server needs to be secured.  And if the power goes out, don't for get that so does skype, but the POTS 
(Plain Old Telephone Service) dial-tone keeps on buzzing.

Another issue I've read about but don't have a link to is the possible (US) legal requirement VoIP traffic be treated 
like any other digital "document" and be archived for discovery, like emails and IM.  I don't know if it is true or not.

The worst case situation is the Chineese "hack" of Skype.  The redirected their citizens to an "upgraded" version of 
Skype that just happens to post conversations to a server where they gov't can read them see:
http://www.nartv.org/mirror/breachingtrust.pdf
http://www.nartv.org/2008/10/01/breaching-trust-tom-skype/

http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=9116099&taxonomyId=84&intsrc=it_blogwatch
 - Chinese Skype spies on users, researcher says

http://blogs.computerworld.com/skype_caught_in_chinese_pr_snafu?source=NLT_AM&nlid=1  - Skype caught in Chinese PR SNAFU

Some of these links are a couple of years old, but they discuss issues to consider:

http://www.securitywatch.co.uk/2008/01/30/german-police-skype-hack-leaked/ - German Police Skype Hack leaked

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1188174,00.html - 
Skype: Its dangers and how to protect against them is a 2 1/2 year old article that discusses issues with Skype.

http://searchunifiedcommunications.techtarget.com/generic/0,295582,sid186_gci1201132,00.html?track=NL-443&ad=557368&asrc=EM_NNL_392582&uid=4739563
 - Executive Guide: VoIP

http://searchunifiedcommunications.techtarget.com/generic/0,295582,sid186_gci1214686,00.html?track=NL-443&ad=563905&asrc=EM_MUP_574371&uid=4739563
 - Fast Guide: VoIP encryption, although as I understand it, skype is already encrypted, it doesn't hurt to keep VoIP 
encryption in mind.

http://searchunifiedcommunications.techtarget.com/news/article/0,289142,sid186_gci1219828,00.html?track=NL-443&ad=566220&asrc=EM_USC_617835&uid=4739563
 - Column: The myths and realities of VoIP security

http://www.hackingvoip.com/sec_tools.html - This site is support for the book "Hacking VoIP Exposed: VoIP Security 
Secrets and Solutions", this page is specifically for links to tools that can be used to hack VoIP (not specific to 
Skype)

http://searchunifiedcommunications.techtarget.com/news/article/0,289142,sid186_gci1235719,00.html?track=NL-443&ad=576955&asrc=EM_USC_914781&uid=4739563
 - This page is a review of the book mentioned above


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]