Skip Links

Assessing Skype's network impact

By Edwin Mier, David Mier and Anthony Mosco, Network World
December 12, 2005 12:06 AM ET

Network World - If you're worried about Skype creating a security problem for your network, don't, because the free VoIP service poses little danger to an enterprise network. That's a good thing, because it's just about impossible to keep Skype out of your network if end users are determined to run it.

Spotting and stopping Skype
A face-off: Is Skype enterprise-ready?
Archive of Network World tests
Subscribe to the Network Product Test Results newsletter

That's the conclusion we reached after testing multiple versions of Skype for several weeks in our independent test lab.

Skype is inscrutable and mysterious. It uses indecipherable encryption. It dynamically morphs traffic characteristics. It can work through virtually any network address translation (NAT)-based firewall. Few of these operational aspects are published (see what is published in the official "Skype Guide for Network Administrators").

And with more than 4 million online users at any given time, one can assume that Skype has permeated many enterprise networks.

Our testing began with capturing and analyzing network traffic while downloading Skype 1.4 (the current version) and a beta version of Skype 2.0 onto various laptops and PCs sitting on public IPs and behind NAT firewalls. We then captured and analyzed Skype setups and Real-time Transport Protocol streams of VoIP calls in various environments, through numerous firewall and intrusion-prevention system (IPS) configurations, between enterprise and residential Skype endpoints, and between subnets on the same enterprise network.

We assessed the state of the encryption and security of the Skype messages and streams, looking for exposed information that could be useful to hackers and susceptible to man-in-the-middle interception and diversion tactics. We evaluated the security of Skype Instant Messaging and file transfer, along with the internetworking of Skype 1.4 and 2.0 beta. We also tracked the effect of Skype operations, in terms of CPU and memory use, on laptops.

Our testing shows that neither Skype VoIP nor Skype Instant Messaging poses any readily exploitable security threat. We also conducted a dozen private interviews with hackers, enterprise network managers and leading network-security-equipment suppliers, none of which could cite one case of Skype being exploited for insidious security assaults.

Of course, next week some vulnerability might be exploited. But as we go to press, we believe that Skype poses more worries about what isn't known than actual security concerns.

Because Skype is largely a point-to-point protocol service, the person you call, or who calls you, can infect communications to you with, say, worms or viruses. But any standard anti-virus protection on your PC or laptop should be able to spot and stop these.

Bandwidth is not a big concern either. A Skype voice call uses 33K to 46Kbps of bandwidth in each direction. This is not a lot, and is typical of an efficient WAN-oriented VoIP vocoding, such as G.729. Of course, if a few dozen internal users are concurrently running Skype calls, this could eat up a T-1's worth of bandwidth.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News