FaceTime Communications has released a security product to tackle security concerns about Skype’s Voice over Internet Protocol (VoIP) application.
Skype, which is owned by auction giant eBay, estimates that about a third of its 170 million users are business users and is eager to capture more of the growing business VoIP market. But IT managers have worried that the Skype service might save on phone bills but pose a security risk.
FaceTime – a specialist in instant messaging and peer-to-peer network security technology – is the only security vendor to which Skype has licensed its application programming interfaces (APIs).
The new FaceTime Internet Security Edition for Skype (FISE) was released at the Infosec security show in London. The APIs allow FISE to control several aspects of Skype use.
At the top level, it can control who is allowed to use Skype. It can control who is allowed to use the VoIP, chat and instant messaging functions, a spokesperson for the security vendor said. FISE can also block the use of older versions of Skype with known vulnerabilities.
Security analysts have been worried about Skype, which uses an encrypted protocol that has been updated at least 35 times since last year to avoid detection by security products.
This poses a risk for businesses, since Skype's chat and file-sharing features could potentially be used to transfer confidential information. Security managers would not even know the application is on one of their user's machines.
"Skype tends to be brought into organisations by end users," the FaceTime spokesperson said.
Security researchers have been able to reverse-engineer some versions of Skype to detect its protocol, but this difficult, FaceTime said. Skype is capable of using most ports on a machine and can also bypass firewalls and "tunnel" using the HTTP protocol.
These evasive techniques may inspire confidence among users worried about privacy and eavesdropping, but do not translate well to businesses.
FaceTime's product uses a Linux appliance, RTGuardian, to detect and block Skype sessions and block unsanctioned versions of the application. It also uses a server, the Greynet Enterprise Manager, which allows IT managers to control who uses specific functions.