Friday, January 25, 2008

Why Block Skype?

Blocking Skype with security devices seems to be a very emotional subject for some people. I guess I can’t blame folks for being ticked off about this. From their standpoint they can make free calls and the service is always up. Very nice. But before you hang your security administrators for blocking Skype read on…..

Please make sure you understand the downside of Skype however before you quickly judge those who are skeptical. Skype has security evasion behavior built into the software, it changes ports to avoid being blocked by firewall policies and it encrypts it’s payload so conversations cannot be “grabbed”.

Now consider a security administrators job which is basically to enforce company internet security policies. Now consider that most enterprise have in place called “acceptable use”. Most “Acceptable Use” security policies state that an acceptable application must use a well defined port and an established RFC protocol, this guarantees that an enterprise can have visibility into outbound data streams which helps them to protect against data-leakage. Skype clearly doesn’t work in a way that’s acceptable for many enterprises.

Again is Skype bad – no, it’s great. Is it acceptable to run in corporate environments? Maybe, maybe not, it’s up to the enterprise to make this decision. Just keep in mind that if an enterprise chooses to block Skype, they aren’t doing it as a personal attack against anyone and it doesn’t make them bad guys, they are just doing their job. A more effective use of your energy may be to petition the folks at Skype to enable acceptable behavior into their product.

No comments:

With Great Power Comes Great Responsibility....raise the bar

With Great Power Comes Great Responsibility....raise the bar
Get Secure