Super shock let's see how dangerous Skype is. Network security
Source: Internet
Author: User
Now, the right, incorrect information about Skype's impact on corporate networks and individual users is spreading widely. How insecure is it? I will tell you the truth about the Skype loophole in this article.
Understand the basic structure of Skype
Skype is a peer-to-peer application, that is, the user is directly connected to the user and does not pass through any intermediary communication server. When a user logs in, Skype initially uses a web-based server to authenticate users and track their status, but once the user initiates a "chat" or sends an instant message, a "voice conversation" or a "file transfer", the communication is achieved through Peer-to-peer direct linking. If no less than one user of a connection uses a typical corporate network Address transfer (NAT) firewall, the communication between them will be relayed via a hyper-node because NAT does not allow direct peer-to-peer connections. When transferring files, you will receive a message that your transmissions will be relayed.
One feature of Skype, where security experts are most concerned, is that Skype users can easily bypass the configuration of the corporate firewall. Skype uses 80 and 443 ports, and most firewalls open these ports to allow browsing of the network. In addition, Skype will change the transmission route if the assigned port is not available when the Skype is installed. As a result, Skype's ports can be changed according to demand, making it harder to block Skype with firewalls.
Skype also uses a unique AES 256-bit key for each communication, meaning that you use a different key for each communication, which makes it almost impossible to monitor traffic.
One thing to note about Skype's security is the hyper node that transmits the alignment for Skype. A hyper-node is actually a computer with a special configuration that must be connected directly to the Internet and not using NAT firewalls. In addition, the computer must have a "real" public network by IP address. In addition to these limitations, any Skype user's computer that meets the most basic hardware and configuration requirements can become a hyper-node.
You also need to know a lot about Skype's security structure. For more information, please visit the Skype Security Resource Center.
The fear of Skype
Now that you know how Skype works, let's see if it's unsafe. Now a lot of people misunderstand Skype. Here are 5 of the most common misconceptions:
Skype takes up a lot of bandwidth on the network.
Any computer can become a hyper-node.
Skype, like other IM applications, is vulnerable to the infection of IM worms and viruses.
It's hard to stop Skype in My network.
Skype is encrypted, so it's hard for me to archive IM information.
Now let's take a look at the correct understanding:
Fallacy 1:skype takes up a lot of bandwidth on the network
Skype actually takes up very little bandwidth, and each voice conversation takes up almost as much bandwidth as 30kb/s. If the user's computer is a hyper-node, then of course the hyper-node takes up a lot of bandwidth. However, your computer must be connected directly to the Internet, so that you can become a hyper-node, and in most enterprise environments, PCs are not directly connected to the Internet, so often the hyper-node is not the problem.
Myth 2: Any computer can become a hyper-node
We already know that only those systems that have routable IP addresses and connect directly to the Internet can become hyper-nodes. If a computer is in a particular firewall that provides NAT and uses a corporate network of 192.168.x.x or 10.x.x.x intranet IP address segments, then it cannot be a hyper-node. Nat firewalls, or even home routers, make it impossible for many systems to become hyper-nodes.
Myth 3: susceptible to im worms and viruses
According to Akonix system, early last December, a total of 1355 viruses or worms infected the IM client, none of which was infected with Skype. Although there were two Skype vulnerabilities reported in 2006, 4 from 2005 and 1 in 2004, no malicious programs exploited these vulnerabilities.
The main weakness of IM applications is their file transfer features, which allow anyone to send files with malware. To prevent such events, Skype allows any timely update of the antivirus application that is in automatic protection mode to scan its file transfer. In addition, many antivirus software have specific IM scanning options. So if you have up-to-date anti-virus software and put it in the mode of automatic protection, you have nothing to worry about. You can also disable Skype's file transfer function.
Myth 4: It's hard to stop Skype in My network
You will find it difficult to intercept Skype only if you don't know what's on your network or if you don't have the right to manage your client. There are many ways to intercept Skype, from scripting to using network management software, to intercepting Skype at the network level, and so on.
Fallacy 5:skype encrypted so it's hard for me to archive IM information for storage
This is not entirely a fallacy. The Skype conversation is really encrypted, so you really can't capture Skype traffic or archive it for storage. Many IM applications do not, so it is no more insecure than other IM programs using encryption technology.
Conclusion
So far, Skype has not been plagued by worms or viruses that afflict most IM applications. However, sooner or later hackers will discover its vulnerabilities and exploit them. Any application that allows file transfers, IM, or voice conversations, if it cannot be monitored, archived, or documented, has some degree of risk.
However, Skype's structure is more difficult to crack than other IM applications open to the Web, so it is the safest of these IM applications. However, non-networked applications such as Jabber are safer for intranet instant messaging. So far, however, Skype is more secure than MSN Messenger, Yahoo Messenger, Aim, or ICQ.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.