[VOIPSEC] Soft Phone Vulnerabilities
Mark Stewart
mrkstu at gmail.com
Thu Jun 15 15:56:24 CDT 2006
I can live with, even love, Skype as a consumer, but as a System/Network
Administrator I have difficulties with it. The same firewall penetrating
power it has at conferences means that I have equal difficulty denying that
traffic on a perimiter device. I know my bandwidth and I would like to
shape it the way I want. Software expressly designed to take away my ability
to shape that flow is software I don't want on machines that live inside my
network.
My understanding is that, like many other peer-to-peer software packages,
it will commandeer CPU and network resources if it them, futher depleting
available bandwidth beyond what is needed for base operation.
These 'misfeatures' are ones that will keep Skype out of the corporate
world, unless they address them. Its security model for transporting traffic
seems sufficient, but they really need to give administrators transparency
and manageability. If they can add that to their NAT-bypass prowess, they
will have an excellent story for corporate use.
Mark Stewart
Network/Security Engineer
More information about the Voipsec
mailing list