Re: Skype on the network

[Allan Williams <allan.williams () ANU EDU AU>]

Like any system there is a limit to the amount of trust you should
place in it. I don't see the issue of skype being any more of a
concern than using the PSTN.   User awareness is the best option and
if there are sensitive matters to be discussed alerting users to
alternatives to skype like -  using the PSTN, encrypted cell phones,
propriety solutions  or face-to-face meetings.

Regards,
        Allan

On 09/04/2009, at 4:47 AM, Gary Dobbins wrote:

> Does anyone (or perhaps their legal counsel) have any concerns about
> the possibility of institutional information in the form of
> conversations being in the hands of unknown and/or un-contracted-
> with parties (e.g. when Skype routes calls thru customer systems)?
>
> I know Skype encrypts (end-to-end?), but without confidence in the
> key management, how can you know that some intermediate device
> doesn't have a copy of the session key and is able to "listen in?"
>
>
>
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel
> > Rosenblatt
> > Sent: Wednesday, April 08, 2009 1:28 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Skype on the network
> >
> > Hi,
> >
> > We allow Skype, no security problems.
> >
> > Take a look at
> > http://www2.cit.cornell.edu/ncs/services/commercial_voip.html
> >
> > They have done a nice job on this - most of the bases have been
> > covered by their document.
> >
> > My 2 cents.
> >
> > Joel Rosenblatt
> >
> > Joel Rosenblatt, Manager Network & Computer Security
> > Columbia Information Security Office (CISO)
> > Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854
> > 3033
> > http://www.columbia.edu/~joel
> >
> >
> > --On Wednesday, April 08, 2009 10:00 AM -0500 Todd Bossaller
> > <bossallert () MOVAL EDU> wrote:
> >
> > > I know this has been covered before but I would like to inquire
> > again.
> > > Do you allow Skype on your network?  If not, why?
> > > Have you had issues with security?
> > >
> > > Thank you,
> > >
> > > Todd Bossaller
> > > Systems Administrator
> > > Missouri Valley College
> > > 500 E College St.
> > > Marshall,  MO. 65340
> > > p(660) 831-4088
> > > f(660) 831 -4068
> > > bossallert () moval edu
> > > This document may contain confidential information and is
> > intended solely for the use of the addressee. If you received it in
> > error, please contact the
> > > sender at once and destroy the document. The document may contain
> > information subject to restrictions of the Family Educational
> > Rights and Privacy and the
> > > Gramm-Leach-Bliley Acts. Such information may not be disclosed or
> > used in any fashion outside the scope of the service for which you
> > are receiving the
> > > information
> >
> >
> >
> > Joel Rosenblatt, Manager Network & Computer Security
> > Columbia Information Security Office (CISO)
> > Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854
> > 3033
> > http://www.columbia.edu/~joel

==================================
Allan Williams
Head Systems & Desktop Services
Division of Information
R.G. Menzies Building
Building 2
The Australian National University
Canberra ACT 0200

T: +61 2 6125 8404
M: 0400 480 144
www.anu.edu.au

CRICOS Provider #00120C
==================================