The new era of information technology is strong in all companies and people understand that there are quick and easy methods of communication have not been available before. One of the most modern is the instant messaging tool, in any form possible. And the most popular form of day is Skype.
In addition, modern management staff demonstrated the ability to use Skype at work as their constitutional right, not a corporate privilege.But let us observe the pitfalls of using Skype in corporate communication:
Skype is designed to be an Internet communication tool - it means that each Skype Client must be connected to a Super Node somewhere on the Internet
Skype protocol is designed for communication between users via possibly block the roads. It does this through SuperNodes and Route Nodes to download messages when direct client-to-client communication is impossible
Skype protocol is propriatery and encrypted, so there is no way to verify or audit the content of the messages.
Again through a characterization of the Skype protocol, any Skype client can choose to be a routing node, potentially offer the services to any client on the Internet.
Skype is designed as an Internet telephony protocol, and voice functionality can not be blocked. Using voice functionality may cause unnecessary bandwidth and potential problems in data networks
Skype client is closed source, and any requirements of the encryption algorithms used in it be taken for granted, as there is no way to confirm them. So nobody really knows if Skype or anyone else can eavesdrop. Although all claims are true, the usual problem is not the algorithm, but with the implementation. Remember, an iPhone hacker locking mechanisms used an error in the RSA encryption algorithm.
Skype binary is unnaturally large, most of it is encrypted, and it contains a long series of checks and hooks that are designed to prevent an active debugging tool to reverse engineer it. Also, it contains intentional garbage code and padding designed to confuse any dissecting of the file. This mess of a binary is an excellent place to hide an unwanted item as backdoor, trojan or spyware tool that would not be easily detectable using standard spyware tools.
All passwords Skype users kept on a centralized Skype Authentication Server. Skype claims that all passwords are irreversibly hashed. This fact and the hashing algorithm is impossible to confirm. This may not be a problem for private use, but in a corporate environment a large number of employees use the same password for all their business applications, so it is very possible that they will use the same password for Skype, potentially releasing this password in Nature.
So here is a summary of the pitfalls of using skype:
All users must be able to connect to some servers on the Internet to log into the Skype network. This connection can be used to piggy-back an attack by the authenticated outgoing session.
No possibility to perform audits of communication - a corporate must!
No possibility of block voting and thereby allow bandwidth hogging
No guarantees on what is within the Skype code
No guarantees for Skype passwords
No guarantees for Skype encryption
One must emphasize that these pitfalls mostly affect the organization as a whole (sysadmin, Netadmin, security, internal audit et.c.), while individual users are usually very happy to be handled by Skype.
It is my firm conviction that the goal of facilitating corporate communication, is not served by Skype
To address this goal, the company should implement an internal corporate messaging tool, has the following features:
Chance of fine-grained activation / deactivation of services available (text, audio, video, file transfer)
Possibility of review of both administrative events (logon, logoff) and messages
Fully internal infrastructure, thus requiring access to the Internet.
Also with the advent of IP telephony in the corporate world, should the corporation decide on a strategic selection of product that will complement the IP telephony, not compete or conflict with it.
