University of Cambridge department bans Skype, citing security concerns
Created by Catherine Howell (University of Cambridge) on October 17, 2005
I've previously, and approvingly, cited Skype as a neat VoIP tool for teaching and learning. Now, security concerns focussing on the program's technical underpinnings could throw a (temporary?) spanner in the works.
Today, the Department of Physics at Cambridge issued a memo to all staff and students, blocking the use of Skype on the University data network (CUDN). Users were alerted to recent security compromises and back-door intrusion attempts on machines running Skype.
Breaches involved Skype's underlying P2P technology: essentially, the connection sharing permitted by Skype "makes the host computer and the CUDN available for the world at large to use for relaying purposes; indeed, the licence for such software can require the end-user to make them available even though the end-user has no power to make that commitment regarding use of the network" (Cambridge IT Syndicate policy statement on "Use and Misuse of Computing Facilities").
This event shows that an increase in network traffic is not the only reason to keep a close eye on P2P services. Users of the CUDN must be authorised, whereas P2P services allow access to unauthorised third parties. In fact, using Skype requires the granting of third-party access. Section 4.1 of Skype's End User License Agreement (EULA) states:
"Permission to utilize Your computer. In order to receive the benefits provided by the Skype Software, you hereby grant permission for the Skype Software to utilize the processor and bandwidth of your computer for the limited purpose of facilitating the communication between You and other Skype Software users."
As the Physics department memo states, agreement to this EULA is clearly in violation of the University's Authorization for Use of the CUDN policy.
Today, the Department of Physics at Cambridge issued a memo to all staff and students, blocking the use of Skype on the University data network (CUDN). Users were alerted to recent security compromises and back-door intrusion attempts on machines running Skype.
Breaches involved Skype's underlying P2P technology: essentially, the connection sharing permitted by Skype "makes the host computer and the CUDN available for the world at large to use for relaying purposes; indeed, the licence for such software can require the end-user to make them available even though the end-user has no power to make that commitment regarding use of the network" (Cambridge IT Syndicate policy statement on "Use and Misuse of Computing Facilities").
This event shows that an increase in network traffic is not the only reason to keep a close eye on P2P services. Users of the CUDN must be authorised, whereas P2P services allow access to unauthorised third parties. In fact, using Skype requires the granting of third-party access. Section 4.1 of Skype's End User License Agreement (EULA) states:
"Permission to utilize Your computer. In order to receive the benefits provided by the Skype Software, you hereby grant permission for the Skype Software to utilize the processor and bandwidth of your computer for the limited purpose of facilitating the communication between You and other Skype Software users."
As the Physics department memo states, agreement to this EULA is clearly in violation of the University's Authorization for Use of the CUDN policy.
Bookmark/Search this page with:
