"Skype is communications software that allows users to communicate with each other in real time using VOIP (Voice Over IP), video chat, or more traditional text chat. It is unique among other IM (Instant essaging) applications in that Skype runs over a decentralized P2P (Peer to Peer) network rather than routing all communications packets through a central server. Skype is designed to work out of the box on modern networks, and has no problems working behind a NAT (Network Address Translation) device or other firewalls. Because of its decentralized architecture, Skype makes extensive use of strong encryption, making casual eavesdropping or impersonation all but impossible. Many network and systems administrators take a dim view of Skype because historical use has shown that it can be a bandwidth hog. Other administrators fear that Skype's inherent ability to traverse firewalls is a security risk. And some administrators feel the combination of Skype's encryption and its binary only, closed-source nature make it a black box, or complete unknown that has no place being on a well-maintained network. While these are all valid concerns, they should be considered in the context of local network policies and weighed against the benefits that Skype can provide. In many cases running Skype in a well-managed environment can mitigate these risks.

The purpose of this paper is to suggest best practices and recommendations when running Skype. Although Skype is available for myriad different hardware platforms, this document will focus on the Mac, Windows, and Linux environments. Unfortunately, many of the management features available to systems administrators are available only for Skype running on Windows." Introduction / Bert Hayes.

Skype: A Practical Security Analysis
GSEC Gold Certification
Author: Bert Hayes, bhayes@infosec.utexas.edu
Adviser: Dominicus Adriyanto
Accepted: October 9 2008

Good read...