[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] VOIP may be hot, but I'm still not Peer to Peering - THE OFFICIAL BLOG OF THE SBS "DIVA"
Mon, Jul 4 2005 23:27 bradley

VOIP may be hot, but I'm still not Peer to Peering

What's hot these days?  Voice over Internet Protocol.  But that doesn't mean I like the way that VOIP is offering up services in all instances.  There are a couple of free [or near free] VOIP options that rely on the same technology as peer to peer technology...and well...let me just say that anything that has the words 'peer to peer' ... I'd rather not have that technology in my network.  Oh sure folks can say that they've run it with Snort and examined the packet flow across that and they didn't see any traffic inside their network...but I think I'll pass.

I had an instance where I needed to talk to someone in the former Russian states and I chose to make a phone call rather than set up a Peer to Peer VOIP.  I'm watching this TV show on Showtime that is talking about blowing through the myths and getting the real story [it's from Penn and Teller] and while you can tell me that you've done your homework that you aren't sharing much on your servers when you Peer to peer with VOIP, the possibility that you might is just not acceptable to me.

So if you are offering VOIP to your clients, talk about the risks, give your clients the real facts.  Some VOIP technologies don't rely on a peer to peer model that comes inside to your server.  Some handle the potential security issues much better.

Ask the hard questions.  Do your homework.  Your clients want you to.

P.S.  When I say...do your homework... I also mean read the EULAs

4.1 Permission to utilize Your computer. In order to receive the benefits provided by the Skype Software, You hereby grant permission for the Skype Software to utilize the processor and bandwidth of Your computer for the limited purpose of facilitating the communication between You and other Skype Software users.

4.2 Protection of Your computer (resources). You understand that the Skype Software will use its commercially reasonable efforts to protect the privacy and integrity of Your computer resources and Your communication, however, You acknowledge and agree that Skype cannot give any warranties in this respect.

http://www.skype.com/company/legal/eula/

...there are some VOIP setups that do not need to 'borrow' your computer processor power and there are some that don't go through your computer.

Some organizations ban it for that reason...therefore... do your homework so you can guide your client into making the right decisions.  For my firm, the risk is greater than the benefits for 'this' type of VOIP.


# re: VOIP may be hot, but I'm still not Peer to Peering

Tuesday, July 05, 2005 8:00 AM by bradley

With an attitude like that, just what are you doing on this here Intarweb?

P2P always has been the way that the Internet works. Talking about security risks just because something is peer to peer is just fearmongering. If you truly are that paranoid, you'd better disconnect that router and cancel that Internet connection!

We all know how to make computers completely secure. Unfortunately, following those steps also makes the computer totally useless.

You want us to ask the hard questions. I agree, as professionals, that's exactly what we are there for. As to issues about security and VOIP and P2P...

Is installing VOIP really like installing Kazaa? I really do not understand where this paranoia is coming from.

# re: VOIP may be hot, but I'm still not Peer to Peering

Tuesday, July 05, 2005 10:36 AM by bradley

P2P on a personal computer... Fine. Secure your own network.
P2P on a SBS Network... Not on my servers. It's one thing to be so secure that you can't get any work done. Another is to deliberately expose your clients/network to unnecessary risk. And p2p, whether it is file sharing or VoIP, has no place in a corporate network.

My .02

# re: VOIP may be hot, but I'm still not Peer to Peering

Tuesday, July 05, 2005 3:45 PM by bradley

Have to agree a bit that this seems a little bit OTT to me...

Surely it's peer to peer because once the call routing has been established by the server the caller and callee (?) communicate IP traffic directly... ie. peer to peer...

How is that risky? Would you feel better if it was on port 80? 443? I think Skype is capable of routing via a web port to prevent firewall trouble, isn't it?

Given that I spend far too much time dealing with Spyware these days... (come on AV vendors... step up and be more aggressive about this stuff)...

I don't see myself losing too much sleep over highly controlled software such as Skype....

I am MUCH more concerned about the billions of websites out there waiting to infect my clients with spyware at the click of a button...

Just my 2p!

# re: VOIP may be hot, but I'm still not Peer to Peering

Tuesday, July 05, 2005 8:25 PM by bradley

OK, my last comment got blown up.

In a nutshell.

Skype's "Permission to utilize Your computer. In order to..." sounds reasonable, pretty much all software needs this to work. :-P In practice, it has turned my computer into a proxy/super node/whatever. I don't run it anymore.

Bad peer to peer, lousy EULA, or better yet, bad engineering? No way to opt out or to throttle this behavior. So I don't run it. I've had other things happen to me like this that didn't involve peer to peer, such as installing 2k Server, and not getting the service pack installed before walking away from it for the weekend. Upon return Monday, the whole network has been pwned. DNS times out usually, and the regular network traffic is hosed as well. Turns out somebody turned FTP on the server, and proceeded to fill it with about 10 gigs of software, meanwhile handing out the address to Usenet or a chat room or BBS or something, and having several hundred people trying to download files from it. It took 3 days for traffic to settle down from that. Did I learn a lesson from that!

I applaud Susan for getting to the meat of the matter, which I can now relate to. Just because it's peer to peer doesn't mean that it's bad. Bad EULAs and bad programming make it bad.

An aside. Your captchas suck. Use a font that makes a noticeable difference between 0 and O, 1 and l, 5 and S (or better yet, don't use them! That still leaves 30 characters to use...)

# re: VOIP may be hot, but I'm still not Peer to Peering

Wednesday, July 06, 2005 7:43 AM by bradley

VOIP - not ready for prime time on business networks. Do what you will at home but there are viable, safe alternatives to VOIP that don't require use of your network to function. They have their own router which you can place outside of the computer network and still reap the benefits of VOIP without the security risks. Lingo is one that I use. Regular phones connect to the Lingo router. No phones on my network, no opening of ports. No security problems. $19.99 unlimited.

# re: VOIP may be hot, but I'm still not Peer to Peering

Thursday, July 07, 2005 3:19 PM by bradley

Vonage can be set up outside the firewall ahead of the firewall. Nice and cheap to run too.