Is Skype safe in a business environment?

[Labone]

I hope this is the correct forum for this post as there doesn't seem to be an appropriate one, but here goes.
I manage the IT service for 2 companies and one of them wants to start to use Skype to communicate with one of their customers out in China at the customer's request.
I told them that I didn't think it was safe practice in a business environment but checked with our ISP who manages our Watchguard firewall.
They ran some tests with me sending Skype messages to someone on the outside and they said they could not see any particular traffic eminating from my IP address unless we switched every last bit of logging on. Then we could see traffic but it was encapsulated so we couldn't tell what was coming in or going out using Skype, and we couldn't control it. They told me this was a dangerous practice and to steer clear of it, which we have.
However, a friend of mine who works in support for a very large multi-national has been given a Skype phone to keep in touch with his engineers when they are out on site.
So is his company ignorant of the security implications of using this, which seems unlikely as they have teams of Cisco firewall engineers, or have they found a way to tag and control it?
I would be grateful if anyone had any information on this so I can make a definite statement to our users about whether they can use it or not.

Thanks
Penny

 

[dput]

I am not an expert, but we have it blocked in our network. I see a lot of people who have concerns about this product. Here are some links to websites that discuss some of these issues.

http://connect.educause.edu/blog/ca...ment_bans_skype_citing_security_concerns/1400

http://www.computerworld.co.nz/news.nsf/news/1C31DD62E610104ACC2570B40016C985

http://www.businessweek.com/magazine/content/05_48/b3961092.htm

I would suggest yo do some reading and maybe some of your own searches and make your own opinion. My decision at this point is that we do not allow it on our corporate network.

Dan

 

[Labone]

Thanks Dan. Interesting articles.
I have read similar articles myself, particularly the Info-Tech one which warned IT Managers not to allow Skype
because of the nature of peer-to-peer.
I think I'll err on the side of caution until someone can prove to me that it's safe.

By the way, when you say that you have it blocked on your network, how do you do that?

I'm worried here that someone could install Skype on their PC and use the Chat feature to talk to their mates and I would not know about it.
Is there a way to block it? We use a Watchguard III/1000 firewall.
Any help would be appreciated.

Cheers
Penny

 

[ncotton]

Does it not have a designated hardcoded port that it uses?

Neil J Cotton
njc Information Systems
Systems Consultant
HND, BSc HONS, CCNA, BCS, IETF, DMTF

 

[Labone]

Not sure. I thought it came in on port 80 with normal HTTP traffic.
That's how we've seen it on our firewall. We had to turn all the logging on in order to see chat traffic, but we have never managed to catch the voice traffic at all.
I may be wrong so does anyone else know whether it uses a specific port?

Thanks
Penny

 

[airbourne]

If it uses port 80, you can add a deny traffic rule and use the host or hosts the skype software talks to in order to make a 2 way connection. Make that rule your first rule in your firewall if possible. Example, on the firewall, create a rule, at or as close to the top as possible:

SOURCE = ANY
DESTIMATION = (the IP address(s) being blocked)
SERVICE = ANY
ACTION = DROP

You can then LOG it or track it via an Alert system on your firewall, if that is supported.