tag:blogger.com,1999:blog-4088979.post113763576868665345..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Skype RocksRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-4088979.post-1137672213161040272006-01-19T07:03:00.000-05:002006-01-19T07:03:00.000-05:00"Head of IT Engineering" -- read this post."Head of IT Engineering" -- read this <A HREF="http://taosecurity.blogspot.com/2006/01/skype-revisited-this-is-response-to.html" REL="nofollow">post</A>.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1137668564683599262006-01-19T06:02:00.000-05:002006-01-19T06:02:00.000-05:00Wow - you were one of the last people I thought wo...Wow - you were one of the last people I thought would be giving a thumbs up to Skype.<BR/><BR/>As head of IT Engineering for a decent size company (3500+), Skype is a constant headache for me. Let's go over some of the reasons I don't like it:<BR/><BR/>1 - I have no ability to produce call records for audits (we have a perfectly functioning Avaya system with SIP capability, but people still like to use Skype.<BR/><BR/>2 - The amount of bandwidth it uses is actually pretty impressive. Our main office and WAN point uses multiple T3 lines, and because of that bandwidth, Skype users on our network frequently become super nodes, increasing our bandwidth usage, and leading to....<BR/><BR/>3 - Skype kills desktop performance if it is left to run for any length of time, thus causing more load on my support team because of users complaining their macines are so slow.<BR/><BR/>4 - I refuse to support any group / company / cause that so specifically builds a product designed to bypass all security on a corporate network in order to let a peer to peer file sharing system work. There is no good way to block Skype (that I've found, other than turning off the Intranet, which really wouldn't bother me all that much either), and on their website it specifically tells you that it will get by IT department restrictions on your network.<BR/><BR/>Adding to number 4, they also have this charming little suggestion on their site:<BR/><BR/><B>"Ideally, outgoing TCP connections to all ports (1..65535) should be opened... and will not make your network any less secure."</B><BR/><BR/>Skype is a disruptive technology, but it's also a pain in the a**. I'd much rather deal with standars based systems that I can easily integrate and upgrade to make sure that I have dependable communications that won't cause any issues down the road, for either my support staff or end users.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1137663694071333302006-01-19T04:41:00.000-05:002006-01-19T04:41:00.000-05:00the use of other user's machine's (a la peer to pe...the use of other user's machine's (a la peer to peer) for skype to work is of a concern. use tcpview, or your favorite port mapper, once skype is running, to see where skype is routing your traffic through/to and what port(s) is is listening on to accept potentical connections on.....Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1137661902362195192006-01-19T04:11:00.000-05:002006-01-19T04:11:00.000-05:00I recommend taking a look at jingle : http://www.s...I recommend taking a look at jingle : <BR/>http://www.saint-andre.com/blog/2005-12.html#2005-12-15T11:51 <BR/><BR/>it's the VOIP extension to the jabber protocol, still experimental, and it's about to be used by google talk. Google will even be participating in its developpement. <BR/><BR/>Jabber is an effective way to have a private IM (and VOIP when Jingle is impllemented) server. it has support for SSL, and is an open standard.<BR/><BR/>regards,<BR/><BR/>- DanielAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1137648133546393772006-01-19T00:22:00.000-05:002006-01-19T00:22:00.000-05:00Skype raises a number of security concerns - propr...Skype raises a number of security concerns - proprietary "just trust us" encryption, the whole supernode deal in which your calls may be routed through someone else's machine and/or theirs through yours, etc.<BR/><BR/>There are lots of ways to do VoIP. As a security professional, I wouldn't recommend getting too enthused about Skype.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1137642461566384482006-01-18T22:47:00.000-05:002006-01-18T22:47:00.000-05:00one more thing - I recommend not using the Skype "...one more thing - I recommend not using the Skype "send file" feature for large files, you will find a severe latency imposed by the protocol used. Other than that I have zero complaints about Skype so far.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1137642182724182492006-01-18T22:43:00.000-05:002006-01-18T22:43:00.000-05:00I use Skype for work - dialing into teleconference...I use Skype for work - dialing into teleconferences is much cheaper with Skype than using my cell phone minutes.<BR/><BR/>I have Vonage at home and it works really well for me. I've tried iconnecthere and some others for other things but Skype is pretty cool, now with video chat too. <BR/><BR/>skype me - securityprofessional<BR/><BR/>- RockyAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1137636802466760432006-01-18T21:13:00.000-05:002006-01-18T21:13:00.000-05:00VOIP is definitely the future, but needs some more...VOIP is definitely the future, but needs some more time to bake in. I am on my second VOIP provider, and have found it difficult to find a VOIP provider with super reliable service. What providers are other folks using?<BR/><BR/>Thanks for posting the screenshots!<BR/>- RyanAnonymousnoreply@blogger.com