Tip

The pros and cons of Skype for mobile workers

This tip is reposted from SearchVoIP's Day-to-Day Networking feature, which includes a cartoon and daily networking tips for the month of October.

Many companies are deploying Voice

    Requires Free Membership to View

over Internet Protocol (VoIP) to cut on-site communication cost by converging voice and data onto the same internal network. But off-site, VoIP presents a different cost/benefit equation: Whether a mobile worker uses a traditional cell phone or a VoIP phone, there's an ISP/carrier bill to be paid. The big benefit, millions of Skype users have found, is elimination of distance-sensitive toll charges. Many mobile workers now use Internet VoIP services like Skype while on the road, without racking up huge long distance bills. But should enterprises permit or even embrace Skype use by mobile workers? Here are some scenarios to consider.

  1. Corporate network use by employee-owned devices making Skype calls

    Skype consumes bandwidth, just like any other real-time protocol. Skype voice traffic is encrypted, so companies have no ability to control or audit the content that Skype carries through corporate firewalls. Skype "super nodes" have a bigger impact on firewall performance and WAN bandwidth because they serve as communication hubs, helping Skype users find each other. In other words, Skype can lower caller cost by borrowing network and system resources from around the globe. Do you want your corporate network to donate to this cause?

  2. Installation of Skype software on company-owned devices

    Skype is a proprietary P2P program that communicates over the Internet. As such, Skype presents the same risks associated with permitting employee installation of other commercial P2P programs. For example, employees must exercise caution to avoid being victimized by phishing emails and offers for phony Skype "helper" software and services. To prevent unwanted calls, teach employees to use contact and authorization lists, and to be judicious about the information included in their public Skype profile. Leverage antivirus and personal firewall software to scan files received from other Skype users, and block packets that try to exploit Skype bugs. (For a current list, search cve.mitre.org for Skype, or check Skype's own security bulletins.)

  3. Using Skype to carry business voice and instant messages

    When employees use Skype to convey business voice or data, you must consider whether Skype satisfies your corporate security policy. Many companies have detailed policies for data but simply assume that carriers provide adequate security for voice traffic. VoIP and other real-time communication protocols pose many new threats and thus frequently require policy changes to address new business risks. But Skype poses a special challenge because it is a proprietary protocol that uses both home-grown and well-known cryptographic algorithms in a proprietary manner. According to Skype's Web site, Skype uses AES (Advanced Encryption Standard) with 256-bit encryption and "1024 bit RSA to negotiate symmetric AES keys." The precise way that Skype applies these and other proprietary algorithms is not defined by any standard and is not available for public review. Because Skype isn't a standard, no independent test lab can formally certify that Skype's implementation doesn't have bugs or inherent vulnerabilities.

About the author
Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years.

This tip originally appeared on SearchVoIP.com.


This was first published in March 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.