Skype For Business Analysis Compared to Skype2PBX
For further information on the subject, we invite you to read the analysis performed by the CISSP on potential Skype vulnerabilities.
Technically speaking, Skype is very similar to P2P file sharing applications that have been a constant threat to corporate networks over the years.
To make telephone calls at reduced costs using a VoIP service, several resources need in fact to be shared, first of all bandwidth.
Moreover, to operate in the presence of one or more routers or firewalls, Skype must be run on port 80 (the same used to surf the Web, that no company can restrict).
Like other P2p applications, it opens so many connections as to slow down a corporate network as much as any client eMule that opens thousands of connections.
But two more aspects need to be analyzed: the first is called proprietary technology and affects the release speed of security patches (without questioning about the code contents).
The second aspect concerns the distributions policy of the security patches since, even supposing that they are released on time, their actual distribution to hundreds or thousands of clients may turn out to be extremely expensive.
Finally, even if it is allowable (and physiologic) for a software to have bugs, when it comes to an application which is expected to be used worldwide and which is bound to operate inside corporate networks, a critical analysis should at least be performed before adopting it.
Although scepticism persists over whether Skype is safe for business, we would like to examine with you how we managed to make the use of Skype2PBX safe at corporate level.
Even if Skype has proved not to be the perfect enterprise VoIP solution, Skype2PBX allows the vulnerabilities introduced by this application to be greatly reduced while maintaining the benefits of connecting to wired telephones anywhere in the world at less than company prices.
First of all Skype2PBX does not need any software to be installed on corporate PCs.
Let alone the benefits deriving from the use of traditional telephone systems instead of wearing headsets, the main advantages in terms of management and security are:
The positioning of the Skype gateway on a DMZ network reduces system vulnerabilities to zero; Skype2PBX is usually installed on a network which is separated from the corporate network.
Any attack will be therefore limited to the gateway equipment and will not affect the corporate network.
Skype2PBX is moreover based on Linux operating system, which is known to be safer than Microsoft operating systems.
Besides this, Skype2PBX allows the configuration of a Firewall (based on IPTABLES), which blocks any undesired connections to the equipment.
File transfer and chat services being disabled, Skype2PBX can be used with vulnerabilities reduced to zero.
Bandwidth use deserves a deeper analysis; although official Skype specifications declare an average bandwidth use of 16/32Kbps/call and zero bandwidth use for normal Skype operation in the absence of calls, it can in fact tie up the corporate bandwidth.
In order to improve system safety while keeping good reliability standards for Skype and Internet services, we strongly recommend you to install Skype2PBX on a separate internet connection.
This type of connection blocks any hacker access between the Skype2PBX system and the corporate network while guaranteeing optimal Internet connectivity and Skype calls’ quality.
Although this connection may seem quite expensive, the cost reduction Skype2PBX allows makes it worth a while.
We have estimated that an hour of international conversation makes a company pay off the monthly fee for a dedicated Skype line.
Conclusive Remarks To sum up, we may assert that though Skype is not the perfect enterprise VoIP solutions for the vulnerabilities it may introduce, through Skype2PBX it can be used safely on any corporate network.
The worst case we can envisage is a temporary violation of the Skype2PBX Gateway equipment (which is very unlikely to occur); should this be the case, however, it will take only 10 minutes to re-install and operate it.
A potential "risk" that, on our opinion, is outweighed by the huge cost saving that Skype may introduce in any company.
Technically speaking, Skype is very similar to P2P file sharing applications that have been a constant threat to corporate networks over the years.
To make telephone calls at reduced costs using a VoIP service, several resources need in fact to be shared, first of all bandwidth.
Moreover, to operate in the presence of one or more routers or firewalls, Skype must be run on port 80 (the same used to surf the Web, that no company can restrict).
Like other P2p applications, it opens so many connections as to slow down a corporate network as much as any client eMule that opens thousands of connections.
But two more aspects need to be analyzed: the first is called proprietary technology and affects the release speed of security patches (without questioning about the code contents).
The second aspect concerns the distributions policy of the security patches since, even supposing that they are released on time, their actual distribution to hundreds or thousands of clients may turn out to be extremely expensive.
Finally, even if it is allowable (and physiologic) for a software to have bugs, when it comes to an application which is expected to be used worldwide and which is bound to operate inside corporate networks, a critical analysis should at least be performed before adopting it.
Although scepticism persists over whether Skype is safe for business, we would like to examine with you how we managed to make the use of Skype2PBX safe at corporate level.
Even if Skype has proved not to be the perfect enterprise VoIP solution, Skype2PBX allows the vulnerabilities introduced by this application to be greatly reduced while maintaining the benefits of connecting to wired telephones anywhere in the world at less than company prices.
First of all Skype2PBX does not need any software to be installed on corporate PCs.
Let alone the benefits deriving from the use of traditional telephone systems instead of wearing headsets, the main advantages in terms of management and security are:
- Zero installation time even with hundreds or thousands of clients
- Unchanged corporate network security
- Software upgrade performed on the gateway equipment
- No direct user access to the gateway equipment and to File Transfer and Chat services.
The positioning of the Skype gateway on a DMZ network reduces system vulnerabilities to zero; Skype2PBX is usually installed on a network which is separated from the corporate network.
Any attack will be therefore limited to the gateway equipment and will not affect the corporate network.
Skype2PBX is moreover based on Linux operating system, which is known to be safer than Microsoft operating systems.
Besides this, Skype2PBX allows the configuration of a Firewall (based on IPTABLES), which blocks any undesired connections to the equipment.
File transfer and chat services being disabled, Skype2PBX can be used with vulnerabilities reduced to zero.
Bandwidth use deserves a deeper analysis; although official Skype specifications declare an average bandwidth use of 16/32Kbps/call and zero bandwidth use for normal Skype operation in the absence of calls, it can in fact tie up the corporate bandwidth.
In order to improve system safety while keeping good reliability standards for Skype and Internet services, we strongly recommend you to install Skype2PBX on a separate internet connection.
This type of connection blocks any hacker access between the Skype2PBX system and the corporate network while guaranteeing optimal Internet connectivity and Skype calls’ quality.
Although this connection may seem quite expensive, the cost reduction Skype2PBX allows makes it worth a while.
We have estimated that an hour of international conversation makes a company pay off the monthly fee for a dedicated Skype line.
Conclusive Remarks To sum up, we may assert that though Skype is not the perfect enterprise VoIP solutions for the vulnerabilities it may introduce, through Skype2PBX it can be used safely on any corporate network.
The worst case we can envisage is a temporary violation of the Skype2PBX Gateway equipment (which is very unlikely to occur); should this be the case, however, it will take only 10 minutes to re-install and operate it.
A potential "risk" that, on our opinion, is outweighed by the huge cost saving that Skype may introduce in any company.
Source...