Home / Blogs

Skype as a Platform for Secure VPN Tunnels?

Dan York

Since Skype has an open client-side API, why not use it as a transport to tunnel VPN traffic and blow through firewalls to connect you to a remote system? That's the idea raised by Peeter P. Mõtsküla in his Skype Developer Blog entry: "Idea: skypetunnel". For instance, have a Skype client running on your home machine logged in as one account. Have Skype on your laptop on another account. Initiate a connection between the two of them and wind up with secure, encrypted access through the firewall from wherever you are. Being peer-to-peer, there would be no central servers or infrastructure required (outside the usual Skype p2p cloud.) This would require, of course, a yet-to-be-created "extra" that connected into the Skype client API and was installed on both systems… but that was the point of the article - to suggest that something like this could be done (and perhaps inspire someone to write one).

It's an interesting idea, although as one commenter noted, it has already been done in a p2p fashion by Hamachi. I don't know how large Hamachi's p2p cloud (i.e. userbase) is compared to Skype and whether or not that even makes a difference, but the point is that if you are already a Skype user, this would be a way to make use of your existing tools without using another tool.

This whole concept, though, is part of the side of Skype that is admittedly a bit scary for those of us in security, and specifically corporate security. The client-side API can be accessed by whatever extras a user installs. All Skype traffic is encrypted, naturally, so a corporate IT security person has no way to know what is going across that connection. Whatever the user installs and allows to access the API gets to use that encrypted Skype connection. If a user installs this fictional VPN Skype extra, the user could then access their corporate desktop from wherever they are - without going through the "approved" VPN gateways… and at the mercy of the security of that fictional VPN "extra". How well is that "extra" secured? Could someone else using the extra connect to your corporate desktop PC and initiate a VPN? What kind of authentication is part of it?

Yes, with Skype's business version, you can use Windows' registry settings to control access to the API, but this means that: a) the company would need to essentially "endorse" Skype usage by promoting the Skype for Business edition; and b) the company would need to somehow block all installations of the "regular" version of Skype. I guess I don't see that happening - yet - in many corporations. I expect they will probably continue to take the very black and white approach of attempting to block Skype entirely from their corporate LAN… or just ignoring the issue and letting Skype be installed if users do so. This latter case is where the Skype client API gets a bit scary.

We'll see. I agree with the article author that it's a rather logical extension of the Skype p2p cloud.... it will be interesting to see if someone does come up with a VPN "extra" for Skype.

By Dan York, Author and Speaker on Internet technologies. Dan is employed as a Senior Content Strategist with the Internet Society but opinions posted on CircleID are entirely his own. Visit the blog maintained by Dan York here.

Related topics: P2P, Security, Telecom, VoIP

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Why Managed DNS Means Secure DNS

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

dotMobi and Digital Element Announce Strategic Partnership

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

IT Project Management: Best Practices in Small-Scale Engagements

DDoS Attacks in the United Kingdom: 2012 Annual Trends and Impact Survey

7 Keys to Professional Services Value: A Client-Side Perspective

Neustar Launches Global Partner Program

MarkMonitor Named a Top Trusted Website in OTA's 2013 Online Trust Honor Roll

Neustar Chief Technology Officer Appointed to FCC's Technological Advisory Council

Neustar Expands Professional Services Offerings for Communications Service Providers

Hope is Not a Strategy: Neustar Releases 2012 Annual DDoS Attack and Impact Survey

How Neustar Technology Can Help Mitigate DDoS Attacks

Reducing the Risks of BYOD with Nominum's Security Solution

Sponsored Topics