Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Networking

    Enterprises Need to Deal with Skype Boom

    By
    Andrew Garcia
    -
    June 19, 2008
    Share
    Facebook
    Twitter
    Linkedin

      With the explosion in the popularity of the Skype peer-to-peer voice over IP program, IT managers are finding themselves faced with some familiar questions: Should they curb Skype’s use in the company? Should they support the application, even when it comes in through the backdoor? Should they embrace the solution, deploying it from the get-go?

      Recent moves by the Skype organization indicate that it is time for enterprises to get off the fence-those that want to continue using it should bring it in-house to fully manage and control the application. Those that don’t need to figure out how to block its use outright.

      There’s no doubt that Skype has its advantages. It provides cheap long-distance calling, particularly for those who frequently travel abroad. Skype also enables quick collaboration via conferencing for small groups. Best of all, it’s easy to use and has a broad user base.

      /zimages/4/152846.jpg

      Indeed, at the European IT Forum Sept. 25-26, Michael Jackson, Skype’s vice president of mobile and telecom services, announced that Skype has 113 million registered users, 30 percent of whom use Skype for business. With numbers that high, it is quite likely that Skype is being used somewhere on your corporate network.

      And therein is the trouble. By its nature, Skype wants to be on the network and wants to work under any network conditions. The Skype protocol is so well-engineered that it can’t be denied access by simply blocking users access to foreign IP address blocks or to network protocols.

      Skype also will readily leak out of the network, using high-numbered ports-either TCP or UDP (User Datagram Protocol). As a last resort, it will use ports 80 and 443, which are most commonly used for Web traffic.

      /zimages/4/28571.gifeWEEK Labs tests a trio of Wi-Fi-enabled Skype phones. Click here to read the reviews.

      A firewall that blocks inbound traffic or uses NAT (Network Address Translation) also won’t stop Skype. When a Skype client starts, it opens a session with a supernode in the Skype network.

      If the client cannot be contacted from the Internet, the supernode will notify the client when a call comes in-via the open connection. If the recipient cannot directly contact the sender, the supernode or a relay agent can then act as a proxy between the two callers.

      These supernode proxies can be located anywhere on the Internet. In Section 4 of Skype’s EULA (end-user license agreement), its revealed that Skype can use any user’s computer processor and network resources to help facilitate performance. With enough processing power and network bandwidth at its disposal, any Skype client could be a supernode or a relay agent.

      Almost all Skype communications are strongly encrypted with AES (Advanced Encryption Standard), and some setup traffic is obfuscated with RC4 encryption, so the proxies cannot decipher any third-party traffic that crosses through.

      /zimages/4/28571.gifHas the Skype protocol been cracked? Click here to read more.

      But this encryption also means that network administrators have no insight into what data is contained within the encrypted stream. Since Skype contains file transfer mechanisms, there is the chance that confidential information can leak out.

      Skype also attempts to modify desktop firewall settings to allow itself to run optimally. If the firewall rule gets disabled, the next time Skype starts it will re-enable its firewall exception (if the user has permission to modify firewall settings).

      Force-feeding?

      The Skype organization is introducing changes aimed at easing IT managers’ worries about these issues, but the changes seem to send an interesting message: Join Skype, and we’ll help you rein it in; refuse us and, well, good luck with that.

      At the European IT Forum, Jackson announced that the company will release some Administrative Templates that will allow organizations using Microsoft’s Active Directory Group Policy to take control of Skype’s behavior across the network.

      Next Page: Defining the path for Skype traffic.

      Defining the Path for Skype traffic

      However, these templates, which are expected to be released in early 2007, are not likely to be able to control every aspect of Skype’s behavior. (For example, eWEEK Labs doubts that administrators will be able to turn off supernode availability.)

      The Skype organization also is ramping up education about the software. The “Guide for Network Administrators,” available here, does a good job of describing how to configure the client and network for best performance.

      It also imparts enough information about how Skype works so that administrators will know exactly what they are getting into.

      /zimages/4/28571.gifPolycoms speakerphones reception was excellent when used for Skype calls in eWEEK Labs tests. Click here to read more.

      The guide provides some information about controlling Skypes network behavior through either Web or SOCKS proxies. This will give administrators a choke point where Skype communications can be cut off if trouble should arise.

      Clearly defining the path for Skype traffic has the added benefit of reducing alerts from IDSes (intrusion detection systems), as Skype’s normal behavior often is construed as an attack.

      If enterprises are to actively deploy Skype, then the Skype organization needs to start offering Windows Installer-based packages that will work with enterprise software deployment tools.

      While the current Skype package is scriptable for silent installation, enterprises will need binaries that work with their existing software deployment tools.

      /zimages/4/28571.gifClick here to read how Skype and Intel are making PCs chattier.

      Companies should follow Skype’s guidelines and use internal proxies to control Skypes flow through the network. By default, Skype will adopt the hosts Microsoft Internet Explorer proxy settings, but we hope that the application’s own proxy settings will be modifiable via Active Directory Group Policy when the Administrative Templates are released next year.

      Such controls will give administrators the ability to stanch the service in the event of a zero-day attack on Skype or a suspected outflow of information.

      Companies adopting Skype also should investigate the possibility of integrating Skype into their existing telephony infrastructure.

      At the Internet Telephony Conference and Expo Oct. 10-13 in San Diego, we caught a sneak peek of a device from Actiontec Electronics-Vosky Exchange-that attempts to integrate Skype for Business with an existing PBX.

      We dont think this particular solution will scale effectively beyond the needs of more than a handful of users, as it relies on analog FXO (Foreign Exchange Office) trunks and USB connections to connect the PBX to a dedicated server offering Skype services.

      However, the product does indicate a new level of innovation from third parties that we hope to see continue down the road.

      Keep It Out

      IT managers who have decided that Skype’s benefits are not worth the risk (or work) may be surprised to find that it can be difficult to block the service.

      The best way to control Skype’s spread is to deny users permission to install the application on the desktop. Companies with an in-place, written policy denying Skype usage-combined with a Least-Privilege User Account, or LUA, ethic-will keep users from letting the software land a beachhead on the network.

      /zimages/4/28571.gifKeyspans VOIP Phone offers good coverage in eWEEK Labs tests. Click here to read the review.

      There are other avenues for Skype to get into the network besides the desktop or notebook, however, as there is a Skype version for Pocket PC-based mobile devices as well as a slew of new Skype-enabled Wi-Fi phones.

      To block Skype at the network, companies will need insight into the application layer. Many firewalls and IPSes (intrusion prevention systems) have signatures for Skype traffic and communications.

      However, the Skype protocol undoubtedly will be modified and honed, so signatures will need to be updated occasionally.

      Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.

      Skypes To-Do List

      Five things Skype should do to be more enterprise-friendly

      • Make deployment easier: The Skype install package is already scriptable, so administrators can deploy the software via log-in scripts, but making an .msi file available would help the software fit in with enterprise deployment tools.
      • Make management easier: Creating administrative templates for Active Directory Group Policy would help admins control how Skype behaves on their networks. Templates for controlling some Skype options will be released soon, but admins should be able to dictate what services their Skype client will offer and how Skype communicates.
      • Lock out the supernode: Enterprises need to account for who is using company resources. It may require a different license agreement for business customers, but enterprises need to turn the supernode capability off.
      • Improve documentation: There are ways to rein in Skype’s tentacles so it won’t sneak out any open door or set off IDS alarms all over the place-such as requiring a SOCKS proxy for every Skype client-but Skype could do more to organize and advertise these solutions.
      • Add an optional enterprise element to the Skype certification process: An optional layer of certification targeted at enterprise customers could help avoid issues such as Wi-Fi phones that can’t roam.

      /zimages/4/28571.gif Check out eWEEK.com for the latest news, views and analysis on voice over IP and telephony.

      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×