Q: How can I stop Skype spam? My organisation uses it between offices, but I and some of my end-users are getting invitations to chat from people we have never met!
A: One of the best ways to avoid problems from software such as IM, P2P and VoIP is to stop the client software running at all. Many of these programs are specifically designed to disguise their network traffic, and the content of that traffic, to make them easier to deploy in the face of firewalls and other security systems. This means that their use may be incommensurate with good security practice on your network.
Of course, blocking the Skype client means that you can't actually use it any more, so this solution isn't for everyone. Nevertheless, those who are blocking these programs aren't at the extreme edge of security thinking. A poll by Sophos late in 2006 shows that 86% of administrators were interested in blocking VoIP applications (63% said blocking was essential), 87% wanted to block P2P (79% said essential), and 86% wanted to block IM (60% said essential).
If you do want to use IM, P2P or VoIP, consider allowing their use only over a virtual private network (VPN) interconnecting staff members. This means you can chat to your colleagues who are part of the same business network, but without becoming part of the largely unregulated global network of IM, VoIP or file sharing users worldwide.
Paul Ducklin is Sophos' Head of Technology for the Asia Pacific.
Ask The Experts is TechTarget's FREE advice service.