I recently read (like 2 months ago or so?) where Skype can be used for p2p transfers of files; if so, that would break my network IDS'. More annoying is that it uses ports 80 and 443 instead of its own standard port (you can configure it to use a specific one, I believe, but by default it tries to use 4 preset ports and if they don't work, it switches over to 80 and 443/tcp). Poor design and intentionally set to evade port filtering. Nearly as bad as gotomypc.com's product.
Oh?
Let us assume that I've got a company of 100 employees and I don't want them to /abuse/ a company resource (Internet) to make their own /private/ calls using ICQ/AIM/Skype.
What does freedom of choice have to do with it? Does this freedom give you the right to abuse the right of others?
Gilboa
"Chances are, they have more or less unmetered bandwidth"
That's rather irrelevant. The bandwidth is there to serve *the company* and if it's used up by Skype (and P2P etc) then that's bad. Sorry folks, you don't get paid to come to work and call overseas and chat with your friends on IM, you get paid to do your job.
You say: "skype is insecure".
I say:
1) Back your claim with some hard data!
2) Support your argument with some verifiable fact-based evidence!
3) Explain what is your frame of reference (ie: what you compare it to)!
Until then I think I will still consider Skype very secure thank you very much!
The problems with Skype in a corporate network are :
1- Its protocol is proprietary. We don't know how it deals with your privacy => many security critical organizations (especially research centers) have forbidden its use.
2- It uses your bandwidth even if it's not started. Imagine what happens if all employees use it => what a loss of investment!
If these aspects are important for you, you know what you must do ;-)
Yes paranoia ("we don't know how it deals with your privacy") is always a sensible and intelligent reaction to something. If you want to know, why not contact the company that makes the product, instead of simply taking the knee-jerk reaction of blocking it. And as for "proprietary", when the heck will people stop using this as a swear-word. In any field other than IT people accept "proprietary" products without even blinking. I would be much more paranoid about what goes in my mouth and stomach, if I were of a paranoid nature, than of anything going on my computer!!! We have nothing to fear but fear itself!
RE[4]: Skype usually deserves blocking in corporate environment
>Back your claim with some hard data!
http://www.zdnet.fr/actualites/internet/0,39020774,39267873,00.htm
Safety - the software of VoIP has been just prohibited by the ministry for Research in the administrations of the universities, the research centers and the higher schools. A measurement recommended by the secretariat-general to national defense
Yes the French Department of Defense insisted that the French Department of Research (& Education) stop using skype. What they do not tell you is that the French Department of Commerce needed an excuse to block Skype because it wants to protect telephone revenues of the state-owned France Telecom.
Skype uses AES 256 and so far it's the most powerful encryption mechanism, developed for the US department of Defense. Now that is probably something the French Department of Defense does not like either ;-)
"Yes the French Department of Defense insisted that the French Department of Research (& Education) stop using skype. What they do not tell you is that the French Department of Commerce needed an excuse to block Skype because it wants to protect telephone revenues of the state-owned France Telecom."
1. France Telecom is partially state owned, not fully state owned.
2. That would be the same French government that has regulated into existence one of the most competitive telecoms markets in Europe despite its involvement with France Telecom. (It's actually more competitive than the US telecoms market, for example.) This is far more detrimental to any revenues it would generate from France Telecom than a couple of governmental contracts. With this in mind it is hard to call the French government very protectionist of France Telecom, and unless there is some evidence for saying it was a pro France Telecom move I'd think it wiser to put it down to governmental paranoia or your second reason.
Corporate intranets are always filtered and blocked.
Your employer always chooses what you can or cannot do with the network infrastructure: if they do not want to chat they'll block jabber, icq, msn and whatever. If they do not want you to call your mum with skype they'll block skype.
Where's the problem in that?
RE: There is no "freedom" argument here.
RE[2]: There is no "freedom" argument here.
Before spreading FUD, check for yourself: http://www.skype.com/company/legal/terms/tos_web.html
yes, but you better check out the EULA ( http://www.skype.com/company/legal/eula/ )
Edited 2005-11-28 14:20
Reassured ?
See http://www.skype.com/i/no_spyware.png
Found at http://www.skype.com/products/skype/windows/
Jesus. Something that is not there, whilst it could be virtually anywhere, can't be proven *NOT* to be there. Such finding may mean only one thing: You weren't looking hard enough. In this vein, it is stupid to say that Windows or any other software has a "new" security hole. Windows never had a new security hole, not a single one. All of them have always been there, and in case of Windows been there for some good six years - only you didn't yet know about them. Same goes for spyware you couldn't "prove" to be in place.
The proof you demand works the other way round: Show me that there is in fact an issue, that there is spyware contained in Skype.
Stoopid!
First of all, Skype is a great program for working with other employees without having to walk all over hunting somebody down or the classic type an email, wait for response, type a response to the response, wait some more, etc.
Also, if an employee is using Skype for personal use (say talking to their spouse/friend/mom/etc), which would you rather have, a five minute Skype conversation, or a 30 minute phone conversation? The employee is going to talk regardless so it is stupid to limit one of the more effective ways of personal communication.
I can Skype and work at the same time, but I can't talk on the phone and work at the same time because the medium demands an instant response, whereas Skype allows me to finish a thought and then respond to the wife/friend/mom/coworker/whoever. I also find that phone conversations last far longer than IM conversations.
Sure, a company has a right to block Skype, and anything else it wants. And I have a right to tell said company that I would never work for them.
I work in the technology sector. I find it insulting that companies feel the need to block *outgoing* connections made by programs that can be used for totally legitimate reasons (VoIP/Chat/etc.). If it's a question of bandwidth usage...get more bandwidth! I work in a small start-up company that has a simple firewall to protect itself from *outside* intruders -- otherwise, everything is wide open. No proxy, no anything. Why? Because we are all *trusted* by management to be responsible computer users. Trust...you know, that little thing that people have forgotten in this day and age.
Jared
Funny how the same people who encourage others to use open formats jump on this proprietary software called Skype. It's not like SIP wouldn't exist...
If there's one software which deserves to get blocked then it's Skype. Not because it would be insecure, it's not less or more secure than other internet applications. But it doesn't follow standards, it uses much bandwidth and even more time. You can use it at home, but not at work.
Not that I particularly like skype but I don't quite understand why anyone would want to block it. Aren't most companies moving to VoIP and encouraging their employees to do the same rather than running up the company's phone bill? Instead of thinking about how to block it, it would perhaps make more sense to think about why you would want to block it at all and what may be the consequences.
RE: Evil. This should NOT have been linked to
Yes. It's plain bad. Really bad.
Who draws the line between Good and Bad? Me? You? Who are you (or me) to control what people want to see? What do you see as a hate website maybe it's perfectly legit for me. Maybe I'm interested in looking at it just for curiosity and have a good laugh.
If you don't want to see kiddy porn and hate websites, just don't look at them and don't look for them. No one forces them down your throat.
>>kiddy porn
Hmm a new variant of Godwins law methinks, but anyway...
Bottom line is this: you work for a company enforcing company policy, if company policy does not allow Skype, you block Skype. You use the best tools for the job.
I block port 25 to other mailservers apart from our own at work using FOSS tools; will the people in this thread wailing about "Freedom of Speech" start flaming me? I block all sorts of things as work policy dictates, I will change the policy when I pick up the bill for the net access.
This has nothing to do with FOSS software or freedom of speech, this is all to do with enforcing a company policy and the story is about how to solve an interesting technical problem.
As for Evil? Please.
Last time I checked you couldn't call kiddie porn by phone or Skype... what exactly are you trying to tell us here..?
Exactly how much crack have you been smoking?
The point of content filtering and blocking services is highly dependent on the situation.
Maybe a company doesn't want its employees using this service, as it could be unrelated to work.
The OpenBSD article is just a guide on how to block Skype, if the need arises.
Why in god's name are people screaming about freedom and such? Why don't you folks go whinge to RIAA, MPAA, Sony BMG, and Microsoft, if you're all so worried about freedom...
All this has resulted in is having almost everything being tunneled through port 80 in an effort to evade firewall rules. Even SOAP was designed this way to avoid firewall headaches (sigh...).
Now we have packet shapers trying to analyse traffic packet by packet for protocol signatures which, in turn, results in everything being encrypted AND tunneled through port 80.
The next logical step is to have encryption cracking packet shapers (har har har).
And the absurdity continues...
One cannot solve a social problem with technology.
Edited 2005-11-28 19:42
If you don't like the company policy
(a) complain to your boss
(b) complain to your labor union
(c) leave the company
(d) circumvent the policy, risking an automatic (c)
(e) find smth. else to do, use your brain
Rather simple, right ?
Personally I'd go (a)->(c) because I prefer to be trusted rather than criminalized. However there are good reasons for companies to implement such a policy. Communication to the outside can be harmful because if the link is established into one direction it's naturally easier to do harm than if there's no link at all. Also humans are the weakest link in security, I could imagine someone IM-social-engineering by somehow hijacking the username of a trusted person (or maybe just using a very similar one).
Edited 2005-11-28 20:05
http://opensource.region-stuttgart.de/index.php?main=8&sub=8_0
That is a German authorities supported Demo server to promote Desktop-Linux. Press the "Start Linux" button. You will download a non-installing streaming client that streams a Linux Desktop-session nice and fast. My corporate network is ridden by the pest that is Websense. If the client gets through, you can browse all sites minus web-based email.
And to the guy who wrote that article: There is yet another toy for you: try blocking the Hamachi client that gives you a VPN to Windows shares all over the show - it doesn't rely on port forwarding, etc...
Now, if someone in your company is opening up a few systems with that, that's a good laugh..
This was a write-up on solving a relatively challenging technical problem. The issue at hand is very simple: how to block an UNWANTED application on a PRIVATE network. Fullstop. No philosophical discussions of any motives, reasons, pros or cons. The article was technical and straight to the point.
It is not aimed at people running ISPs or public networks and hence any discussion of public freedoms or user rights is rubbish. Do you dictate to your employer how they should run their company ? I don't think so. And controlling their network is also up to them, and that is done via an enforceable security policy.
Any mention of "trust" between management and employees is also laughable. Most employees are non-technical in nature and click "download" on almost any link that promises money, naked pictures, or free stuff. Anyone who has seriously tried to manage a network knows the headaches that come along with giving end-users too many privileges.
And speaking of rights, one point does come to mind : We all have a right to controlling what runs on our networks. I am sure that if an intelligence agency came up with an application that worked through any firewall, everyone would be scurrying to block it. But just because Skype offers free VoIP does not make any difference : it takes away your right to control what goes on your network and poses serious issues for people that try to block it without the budget for expensive firewalls. The article simply shows how you regain that right. It does not aim to promote monopolistic practices and invasion of user privacy. I am not even sure about the feasibility of using this method on a public network (such as one run by an ISP).
rootn0de



