Security Basics mailing list archives
Re: Looking for information regarding the use of Skype in an Enterprise network
From: rohnskii () gmail com
Date: 7 Jan 2009 21:18:46 -0000
Good idea to be heads up on the question. At the high level, going to VoIP, ie Skype, means that you have to consider phone communications now just like any other computer application. You need server space for it, firewall rules, the application needs to be kept patched up to date, the server needs to be secured. And if the power goes out, don't for get that so does skype, but the POTS (Plain Old Telephone Service) dial-tone keeps on buzzing. Another issue I've read about but don't have a link to is the possible (US) legal requirement VoIP traffic be treated like any other digital "document" and be archived for discovery, like emails and IM. I don't know if it is true or not. The worst case situation is the Chineese "hack" of Skype. The redirected their citizens to an "upgraded" version of Skype that just happens to post conversations to a server where they gov't can read them see: http://www.nartv.org/mirror/breachingtrust.pdf http://www.nartv.org/2008/10/01/breaching-trust-tom-skype/ http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=9116099&taxonomyId=84&intsrc=it_blogwatch - Chinese Skype spies on users, researcher says http://blogs.computerworld.com/skype_caught_in_chinese_pr_snafu?source=NLT_AM&nlid=1 - Skype caught in Chinese PR SNAFU Some of these links are a couple of years old, but they discuss issues to consider: http://www.securitywatch.co.uk/2008/01/30/german-police-skype-hack-leaked/ - German Police Skype Hack leaked http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1188174,00.html - Skype: Its dangers and how to protect against them is a 2 1/2 year old article that discusses issues with Skype. http://searchunifiedcommunications.techtarget.com/generic/0,295582,sid186_gci1201132,00.html?track=NL-443&ad=557368&asrc=EM_NNL_392582&uid=4739563 - Executive Guide: VoIP http://searchunifiedcommunications.techtarget.com/generic/0,295582,sid186_gci1214686,00.html?track=NL-443&ad=563905&asrc=EM_MUP_574371&uid=4739563 - Fast Guide: VoIP encryption, although as I understand it, skype is already encrypted, it doesn't hurt to keep VoIP encryption in mind. http://searchunifiedcommunications.techtarget.com/news/article/0,289142,sid186_gci1219828,00.html?track=NL-443&ad=566220&asrc=EM_USC_617835&uid=4739563 - Column: The myths and realities of VoIP security http://www.hackingvoip.com/sec_tools.html - This site is support for the book "Hacking VoIP Exposed: VoIP Security Secrets and Solutions", this page is specifically for links to tools that can be used to hack VoIP (not specific to Skype) http://searchunifiedcommunications.techtarget.com/news/article/0,289142,sid186_gci1235719,00.html?track=NL-443&ad=576955&asrc=EM_USC_914781&uid=4739563 - This page is a review of the book mentioned above
Current thread:
- Looking for information regarding the use of Skype in an Enterprise network Sam Evans (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network Adriel T. Desautels (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network Sam Evans (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network Adriel T. Desautels (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network Sam Evans (Jan 07)
- RE: Looking for information regarding the use of Skype in an Enterprise network Roger Onken (Jan 20)
- Re: Looking for information regarding the use of Skype in an Enterprise network Sam Evans (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network Adriel T. Desautels (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network Jarrod Frates (Jan 07)
- RE: Looking for information regarding the use of Skype in an Enterprise network Steve Armstrong (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network Shawn Merdinger (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network nnp (Jan 12)
- <Possible follow-ups>
- Re: Looking for information regarding the use of Skype in an Enterprise network rohnskii (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network krymson (Jan 07)
- Re: Re: Looking for information regarding the use of Skype in an Enterprise network krymson (Jan 07)
- Re: Looking for information regarding the use of Skype in an Enterprise network rohnskii (Jan 08)
- Re: Looking for information regarding the use of Skype in an Enterprise network Shawn Merdinger (Jan 08)
- Re: Re: Looking for information regarding the use of Skype in an Enterprise network chmod1777 (Jan 08)
- Re: Looking for information regarding the use of Skype in an Enterprise network rohnskii (Jan 09)
- Re: Looking for information regarding the use of Skype in an Enterprise network krymson (Jan 20)