Skype uses technology that bypasses firewalls in order to facilitate communications between users.
Released in 2004, Skype had 560 million registered users by the end of 2009. The popular VoIP service allows users to exchange calls, text messages and data files with other users for free using the Internet, and to make calls outside of Skype at rates as low as 1.2 cents per minute. Businesses and individuals use the software to cut communications costs, but the technology that facilitates its efficient connections arouses security concerns that cause large operations to think twice about allowing its use.
Increased Vulnerability Due to Firewall Gaps
To enable fast phone call connections, Skype uses peer-to-peer technology designed to bypass Internet firewalls with little detection. This is the main security concern surrounding Skype use. While the gaps in the firewalls normally intended for protection during Internet use do facilitate communications between users, they also effectively create a gateway which business IT managers worry is vulnerable enough that hackers could exploit them to plant viruses or steal confidential information.
Potential for Fraudulent Authentication
Since Skype only requires a user name and password for user access, another concern is that unintended parties could gain access to calls and information not intended for them by somehow acquiring an individual's log-in information, or accessing a user account on a computer where log-in information has been saved.
History of Attacks
Since Skype's release, contrary to abundant security concerns, there has yet to be a successful high-profile attack to justify concerns that the software could be a high risk threat to business' security. In fact, with only nine instances of vulnerability issues surfacing between 2004 and 2007 -- which were all addressed with heightened security measures in the software versions that followed -- Skype has proven to be more attack-resistant and secure than initial warnings suggested.
Nevertheless, Skype's own director of operations has acknowledged that due to shortcomings such as the inability to log and monitor calls, this may not make it the right communications option for some companies, although he stands behind the strength of Skype's data encryption and other safety measures against security risks.
Precautionary Measures to Increase Skype Security
Skype 3.8, its business version, does offer some features specifically intended to address security concerns of large business and organizations -- although the operational and support costs associated with managing perceived security risks interferes with the notion of Skype as a free method of communication. One option this version offers is for IT managers to implement version control to ensure that all Skype users within an organization are running the same version. This measure enables companies to develop and monitor their own centralized policies, controls and configurations in addition to those enforced by Skype, in order to provide additional measures for anticipating and intercepting any potential vulnerabilities.
Tags: security concerns, between users, communications between, communications between users, concerns that