| For further information on the subject, we invite you to | | | | usually there is no connection between the corporate |
| read the analysis performed by the CISSP on potential | | | | network and Skype2PBX gateway - even when the |
| Skype vulnerabilities. | | | | company features IP phones - since the switchboard |
| Technically speaking, Skype is very similar to P2P file | | | | is connected to Skype2PBX gateway through an |
| sharing applications that have been a constant threat | | | | analog and/or ISDN line, thus preventing any hacker |
| to corporate networks over the years. | | | | attack to the corporate network. |
| To make telephone calls at reduced costs using a | | | | The positioning of the Skype gateway on a DMZ |
| VoIP service, several resources need in fact to be | | | | network reduces system vulnerabilities to zero; |
| shared, first of all bandwidth. Moreover, to operate in | | | | Skype2PBX is usually installed on a network which is |
| the presence of one or more routers or firewalls, | | | | separated from the corporate network. Any attack will |
| Skype must be run on port 80 (the same used to surf | | | | be therefore limited to the gateway equipment and will |
| the Web, that no company can restrict). Like other P2p | | | | not affect the corporate network. |
| applications, it opens so many connections as to slow | | | | Skype2PBX is moreover based on Linux operating |
| down a corporate network as much as any client | | | | system, which is known to be safer than Microsoft |
| eMule that opens thousands of connections. | | | | operating systems. Besides this, Skype2PBX allows |
| But two more aspects need to be analyzed: the first is | | | | the configuration of a Firewall (based on IPTABLES), |
| called proprietary technology and affects the release | | | | which blocks any undesired connections to the |
| speed of security patches (without questioning about | | | | equipment.File transfer and chat services being |
| the code contents). The second aspect concerns the | | | | disabled, Skype2PBX can be used with vulnerabilities |
| distributions policy of the security patches since, even | | | | reduced to zero. |
| supposing that they are released on time, their actual | | | | Bandwidth use deserves a deeper analysis; although |
| distribution to hundreds or thousands of clients may | | | | official Skype specifications declare an average |
| turn out to be extremely expensive. | | | | bandwidth use of 16/32Kbps/call and zero bandwidth |
| Finally, even if it is allowable (and physiologic) for a | | | | use for normal Skype operation in the absence of |
| software to have bugs, when it comes to an | | | | calls, it can in fact tie up the corporate bandwidth. |
| application which is expected to be used worldwide | | | | In order to improve system safety while keeping good |
| and which is bound to operate inside corporate | | | | reliability standards for Skype and Internet services, we |
| networks, a critical analysis should at least be | | | | strongly recommend you to install Skype2PBX on a |
| performed before adopting it. Although scepticism | | | | separate internet connection.This type of connection |
| persists over whether Skype is safe for business, we | | | | blocks any hacker access between the Skype2PBX |
| would like to examine with you how we managed to | | | | system and the corporate network while guaranteeing |
| make the use of Skype2PBX safe at corporate level. | | | | optimal Internet connectivity and Skype calls’ |
| Even if Skype has proved not to be the perfect | | | | quality. |
| enterprise VoIP solution, Skype2PBX allows the | | | | Although this connection may seem quite expensive, |
| vulnerabilities introduced by this application to be greatly | | | | the cost reduction Skype2PBX allows makes it worth |
| reduced while maintaining the benefits of connecting to | | | | a while. We have estimated that an hour of |
| wired telephones anywhere in the world at less than | | | | international conversation makes a company pay off |
| company prices. First of all Skype2PBX does not need | | | | the monthly fee for a dedicated Skype line. |
| any software to be installed on corporate PCs. Let | | | | Conclusive Remarks |
| alone the benefits deriving from the use of traditional | | | | To sum up, we may assert that though Skype is not |
| telephone systems instead of wearing headsets, the | | | | the perfect enterprise VoIP solutions for the |
| main advantages in terms of management and | | | | vulnerabilities it may introduce, through Skype2PBX it |
| security are: | | | | can be used safely on any corporate network. |
| - Zero installation time even with hundreds or | | | | The worst case we can envisage is a temporary |
| thousands of clients | | | | violation of the Skype2PBX Gateway equipment |
| - Unchanged corporate network security | | | | (which is very unlikely to occur); should this be the |
| - Software upgrade performed on the gateway | | | | case, however, it will take only 10 minutes to re-install |
| equipment | | | | and operate it. |
| - No direct user access to the gateway equipment | | | | A potential "risk" that, on our opinion, is outweighed by |
| and to File Transfer and Chat services. After | | | | the huge cost saving that Skype may introduce in any |
| explaining how risks are reduced to the least using | | | | company. |
| Skype2PBX, we may also add that Skype2PBX | | | | |