On Jul 16, 2007, at 2:56 PM, M.B.Jr. wrote:
Guess we need to hear some other professionals.
I disagree with this characterization - I don't think Skype's network
behavior risks any certifications at all (for example, the Skype
could be profiled using a NetFlow-based behavioral anomaly-detection
system, for example, irrespective of its port/protocol selection),
there's nothing in any of those standards which would seem to imply
that, AFAICT. The bigger risk with Skype, IMHO, is the 'supernode'
functionality which can result in one's conversations being relayed
by random nodes beyond one's control and/or one's own Skype nodes
acting as a supernode relay for the calls of others. It also uses a
closed-source encryption scheme which hasn't been subjected to peer
review.
There are some ways to restrict Skype functionality either using
Skype and/or Skype partner add-ons as well as third-party solutions
which can restrict host application behavior. The supernode
functionality, AFAIK, is hardcoded.
Another option would be something along the lines of a Skype-to-SIP
gateway (I think there's at least one commercially available) which
would allow your customer to use SIP handsets or softphones to
communicate with the gateway, which would then proxy the calls to/
from Skype.
But making the assumption that the mere presence of Skype on the
network would somehow result in loss of certification is a bit of a
stretch, IMHO.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer
http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
