In article <3o1al2F3q9n2U1@individual.net>,
Chris Webster <chris@webster.net> wrote:
:Is installing and running Skype from workstations in a corporate network
:considered a security risk for the network, servers and workstations?

Considered by whom?

I know that I block it in my role as security administrator.

- Skype appears to make deliberate attempts to find ways around
firewalls

- Skype attempts to contact an amazing number of remote devices
on random-looking ports -- not just occasionally, either.

- If Skype can figure out a way to get your system to accept
incoming connections from random outside systems, then your
system will be used for distributed processing to maintain the
skype infrastructure or to switch calls. Your acceptance of this
is part of the EULA.

If you are not careful with Skype, you could end up with nasty
excess-bandwidth bills. We have a gigabit connection to the 'net, so
you can imagine how much traffic Skype would think could be switched
through us... but we have to pay for non-research traffic.
It's a hidden cost of using Skype.


After that, one gets into questions of whether one trusts that
Skype has no security holes in its protocol. I don't recall seeing
the Skype security code ever published, and I don't like trusting
our information blindly to unknown protocols.
--
This signature intentionally left... Oh, darn!