Among my concerns is that skype is a P2P technology - in itself not such a big deal, normally - and that skype data transits all manner of end-user machines not under anyone's control (certainly in many cases not in the control of the putative owner). It also is intrusive in that according to the EULA it basically owns your machine for its own purposes, including auditing your hardware configuration and allowing inbound network traffic that you don't control.
All aspects of computer and network security for our company is my focus, though it's not my full time job - or is that not the question you were asking? Does this (http://en.wikipedia.org/wiki/Skype_security#Flaws_and_potential_flaws) not give plenty for a reasonable person to worry about? Kurt On Thu, Dec 30, 2010 at 12:25, Andrew S. Baker <asbz...@gmail.com> wrote: > What's your main concern with Skype? > What aspect of security is your focus? > > ASB (My XeeSM Profile) > Exploiting Technology for Business Advantage... > > > > On Thu, Dec 30, 2010 at 3:15 PM, Kurt Buff <kurt.b...@gmail.com> wrote: >> >> This is pretty old, but I'm now being forced to allow skype on our >> network, and I'm pretty unhappy about it.. >> >> Ken, is your firm still allowing skype, and if so, can you speak to >> what your security folks did to make themselves happy about allowing >> skype? >> >> Has anyone else here done a security review that gave them a decision >> one way or the other about allowing it? >> >> Kurt >> >> On Thu, Jan 15, 2009 at 08:12, Ken Cornetet <ken.corne...@kimball.com> >> wrote: >> > We are deploying it here to a few users. >> > >> > >> > >> > I’m using group policy to turn off being a supernode, downloads, >> > listening >> > on tcp ports, and 3rd party access to the Skype API. >> > >> > >> > >> > Our security folks reviewed it and are happy. >> > >> > >> > >> > From: Tim Evans [mailto:tev...@sparling.com] >> > Sent: Thursday, January 15, 2009 11:01 AM >> > To: NT System Admin Issues >> > Subject: Skype >> > >> > >> > >> > Has anyone looked at Skype recently? We’ve got a client that wants us >> > to >> > use Skype for communications with them. I’ve always been a little leery >> > of >> > using them in a business environment, but looking at it now, I see they >> > have >> > a MSI download for easy deployment and a group policy template for >> > central >> > administration of settings. It all looks pretty cool. While the security >> > guy >> > in me wants to say no, I’m having a hard time finding a reason not to >> > say >> > OK. >> > >> > >> > >> > I’m curious what the members of this esteemed group think about it >> > >> > >> > >> > >> > >> > …Tim >> > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
