Staff WritersThe Info-Tech Research Group has released a report advising large corporates to either find a way to secure Skype or banish it from their networks.
Entitled “Five Reason’s To Ban Skype” Info-Tech says the popular VoIP technology is just too insecure for corporate networks and organisations that have already banned peer-to-peer applications such as Instant Messaging should also look at banning Skype.
The research company estimates that one-third of Skype’s 53 million registered users are business users, but the software is believed to be too insecure for corporate networks because it’s too firewall-friendly. Skype doesn’t use established VoIP standards, such as H.323 and Session Initiation Protocol (SIP), it uses a proprietary protocol which helps it traverse firewalls. But having an unsanctioned VoIP protocol freely roaming the network – without proper approval or assessment – poses an unacceptable threat says the company.
Skype has recently been forced into the patch mentality as its burgeoning popularity has caught the attention of malware authors seeking exploitable systems. Buffer overflow vulnerabilities are known to exist in Skype and there are also known issues with Skype’s encryption format.
Also Skype recently announced that all of its VoIP clients – including Windows, Linux, Mac OS X, and Pocket PC – suffer from bugs that leave PCs prone to crashes and open computers to takeover by a hacker.
Info-Tech also points out that Skype violates some established legal requirements such as the need for US securities brokers and others to record and track all telephone calls. Unsanctioned usage of an application like Skype would put a brokerage at severe risk of prosecution if caught using telephony that is undetectable, untraceable, and unauditable, points out the research company.