Educause Security Discussion mailing list archives

Re: Skype on the network

From: Gary Dobbins <dobbins () ND EDU>
Date: Wed, 8 Apr 2009 14:47:56 -0400

Does anyone (or perhaps their legal counsel) have any concerns about the possibility of institutional information in 
the form of conversations being in the hands of unknown and/or un-contracted-with parties (e.g. when Skype routes calls 
thru customer systems)?

I know Skype encrypts (end-to-end?), but without confidence in the key management, how can you know that some 
intermediate device doesn't have a copy of the session key and is able to "listen in?"

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel
Rosenblatt
Sent: Wednesday, April 08, 2009 1:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Skype on the network

Hi,

We allow Skype, no security problems.

Take a look at
http://www2.cit.cornell.edu/ncs/services/commercial_voip.html

They have done a nice job on this - most of the bases have been
covered by their document.

My 2 cents.

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854
3033
http://www.columbia.edu/~joel


--On Wednesday, April 08, 2009 10:00 AM -0500 Todd Bossaller
<bossallert () MOVAL EDU> wrote:

I know this has been covered before but I would like to inquire

again.

Do you allow Skype on your network?  If not, why?
Have you had issues with security?

Thank you,

Todd Bossaller
Systems Administrator
Missouri Valley College
500 E College St.
Marshall,  MO. 65340
p(660) 831-4088
f(660) 831 -4068
bossallert () moval edu
This document may contain confidential information and is

intended solely for the use of the addressee. If you received it in
error, please contact the

sender at once and destroy the document. The document may contain

information subject to restrictions of the Family Educational
Rights and Privacy and the

Gramm-Leach-Bliley Acts. Such information may not be disclosed or

used in any fashion outside the scope of the service for which you
are receiving the

information




Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854
3033
http://www.columbia.edu/~joel

Current thread:

Skype on the network Todd Bossaller (Apr 08)
- <Possible follow-ups>
- Re: Skype on the network Di Fabio, Andrea (Apr 08)
- Re: Skype on the network Todd Clementz (Apr 08)
- Re: Skype on the network Brian Epstein (Apr 08)
- Re: Skype on the network Joel Rosenblatt (Apr 08)
- Re: Skype on the network Michael Sinatra (Apr 08)
- Re: Skype on the network Gary Dobbins (Apr 08)
- Re: Skype on the network Allan Williams (Apr 08)
- Re: Skype on the network Russ Leathe (Apr 09)
- Re: Skype on the network Mike Porter (Apr 09)
- Re: Skype on the network Todd Bossaller (Apr 09)