Welcome to ISAserver.org
RE: Blocking Skype..
RE: Blocking Skype.. - 2.Apr.2006 12:19:38 AM
elmajdal
Posts: 5027
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Websense and also SurfControl.

quote:
SurfControl has released an enterprise security solution which blocks unauthorised use of the Skype VoIP application. Offered as part of the company’s Enterprise Threat Shield, the software detects and controls unauthorised usage of the notoriously insecure VoIP application. Skype is a bit of a problem for business security administrators as it is something of a closed book. It uses indiscernible encryption and is capable of working through virtually any NAT-based firewall. The software’s developers deliberately make it capable of traversing many standard firewall implementations to ensure less technical users can install and use the service without having to worry too much about adjusting their firewall settings.

More can be found HERE
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8
RE: Blocking Skype.. - 9.May2006 12:19:26 PM
m_ziaurrahman
Posts: 3
Joined: 14.Dec.2005
Status: offline
What SurfControl Enterprise Shield claims for, it might do that gaining system control centrally by deploying agents, but we need a primary solution to block Skype traffic on our gateway firewall ISA rather than purchasing a new product just for a single solution. If Skype can be blocked by adding signatures in the HTTP policy, then what about HTTPS?

ZIA
RE: Blocking Skype.. - 11.May2006 5:01:14 PM
future2000
Posts: 35
Joined: 26.Feb.2004
From: Guildford
Status: offline
The answer is to use Squid! Problem is I just replaced our Squid server with ISA Server 2004 (and I'm glad I did). Anyway, how would we implement something to do the following in ISA (that can be done quite easily with Squid)?

The catch in successfully blocking Skype given all of the above, would be to block access to requests made by clients, to destination specified by their numeric IP address, AND using the 'Connect' method to tunnel the Skype data.
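The condition described in the post above (a CONNECT request whose destination is a numeric IP address), as an added Python example that is not part of the original thread and is neither Squid nor ISA configuration. The log lines are constructed samples in Squid's native access.log layout, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample lines (Squid native access.log layout), not from the thread.
SAMPLE_LOG = """\
1147363274.101    312 10.0.0.21 TCP_MISS/200 4120 CONNECT mail.example.com:443 - DIRECT/192.0.2.10 -
1147363275.440  60211 10.0.0.37 TCP_MISS/200 88231 CONNECT 198.51.100.77:443 - DIRECT/198.51.100.77 -
1147363276.002     95 10.0.0.21 TCP_MISS/200 1532 GET http://192.0.2.55/status - DIRECT/192.0.2.55 text/html
1147363277.913  45002 10.0.0.37 TCP_MISS/200 40112 CONNECT [2001:db8::5]:80 - DIRECT/2001:db8::5 -
1147363278.500      3 10.0.0.44 TCP_DENIED/403 1400 CONNECT 203.0.113.9:33033 - NONE/- text/html
"""


def connect_target_is_ip(target):
    """True if a CONNECT target ('host:port') names its host as an IP literal."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return False
    try:
        # IPv6 literals arrive bracketed, e.g. [2001:db8::5]:443
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False  # a DNS name such as mail.example.com


def numeric_connects(log_text):
    """Return (client, target, result) for every CONNECT to a numeric IP."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        # fields: time, elapsed, client, result/status, bytes, method, URL, ...
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # plain GET/POST to an IP is a different policy decision
        if connect_target_is_ip(fields[6]):
            hits.append((fields[2], fields[6], fields[3]))
    return hits


if __name__ == "__main__":
    for client, target, result in numeric_connects(SAMPLE_LOG):
        print(f"{client} tunnelled to {target} ({result})")
```

Running the same test over allowed requests before enforcing it shows which legitimate clients tunnel to bare IP addresses and would need an exception.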
RE: Blocking Skype.. - 25.May2006 9:04:33 AM
wg4pb
Posts: 2
Joined: 25.May2006
Status: offline
quote:
ORIGINAL: tshinder
Ha! Squid can't block Skype. It's just a Web proxy. Tom

Ummm..... perhaps you could read and understand the article before commenting whether this is doable with Squid or not. Not wanting to spoil the surprise, but yes, it can be done, and is being done. :)
RE: Blocking Skype.. - 30.May2006 10:53:09 PM
wg4pb
Posts: 2
Joined: 25.May2006
Status: offline
Hi Tom,

It's not a question of what Squid is, as much as it is a question of what it can actually do. It almost certainly isn't about what I "wish it to be". Squid is much more than just a web proxy. I would strongly suggest you update your knowledge on how Skype is actually being blocked in the field by sysadmins using Squid. Arguing on matters of principle (what a web proxy can do or not) is more suitable for academic discussions of what a web proxy definition stands for. Results are what really matters in the field, and they alone determine whether something is capable of delivering a certain result or not.

Regards, WG

quote:
ORIGINAL: tshinder
Hi Wg, No way a Web proxy only device can block Skype. You might wish it to be so, but it can't happen. HTH, Tom
RE: Blocking Skype.. - 31.May2006 2:58:10 AM
RAJP
Posts: 49
Joined: 11.Mar.2006
Status: offline
Here's the method we use:

1. A company policy against installing non-company-owned software.
2. Restricted User rights for everyone. If they cannot install it, they cannot run it.
3. A highly restrictive outbound traffic policy.
4. Daily monitoring of traffic dropped from the Internal network to the Internet due to the rule in #3. When someone has inappropriately elevated rights on their computer, usually caused by someone leaving them in the software install group, sometimes Skype and other trash gets installed. The amount of traffic in rule #4 is actually very small on a daily basis (1,800 employees) until someone fires up Skype. That thing tries to hit hundreds of outbound ports in a minute or so. It really lights up the logs.
5. Sic the Help Desk on them to check their software inventory, tell the local IT staff to explain in writing why this person has inappropriately elevated rights on their computer, send the offending employee a copy of the policy and ask them to send it back in after having signed it to acknowledge they understand the company policy (copying their manager on it).
6. The next time it goes directly to Human Resources to be dealt with.

This is not a technology problem; it's a people problem, both for the employee and the local IT staff that let them have inappropriately elevated rights.

Ray
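The log review in step 4 can be automated. This added example (not part of the original post) flags any internal source whose denied outbound connections touch many distinct destination ports within a minute. The record layout, the 60-second window and the 100-port threshold are assumptions, and the records are constructed.

```python
from collections import defaultdict, deque


def sample_denies():
    """Constructed denied-outbound records: (epoch seconds, source, dest port)."""
    quiet = [(1000 + 40 * i, "10.1.4.20", p)
             for i, p in enumerate((25, 6667, 25, 123))]
    # One host probing 200 different ports over roughly 50 seconds.
    burst = [(1200 + i // 4, "10.1.7.88", 20000 + 37 * i) for i in range(200)]
    return sorted(quiet + burst)


def port_fanout_alerts(records, window=60, threshold=100):
    """Flag sources whose denied connections hit >= threshold distinct
    destination ports inside any `window`-second span.

    `records` must be sorted by time. Returns {source: timestamp at which
    the threshold was first crossed}.
    """
    recent = defaultdict(deque)                      # source -> (ts, port) in window
    counts = defaultdict(lambda: defaultdict(int))   # source -> port -> hits in window
    alerts = {}
    for ts, src, port in records:
        queue, per_port = recent[src], counts[src]
        queue.append((ts, port))
        per_port[port] += 1
        # Expire entries that have fallen out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            _, old_port = queue.popleft()
            per_port[old_port] -= 1
            if per_port[old_port] == 0:
                del per_port[old_port]
        if len(per_port) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, ts in port_fanout_alerts(sample_denies()).items():
        print(f"{src}: port fan-out threshold crossed at t={ts}")
```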
RE: Blocking Skype.. - 26.Jun.2006 2:44:57 AM
gjasasentika
Posts: 1
Joined: 23.Jun.2006
Status: offline
People people people, how are you all doing. No need for another software, because ISA can block Skype. While you all are trying to block Skype I am trying to allow it on my network. Yes, Skype is all blocked on my network. And please don't tell me I gave full access, because that is not the case. I gave a group HTTP access to all websites, my first rule and second HTTPS and HTTPS server access to some sites. I still have to configure Skype to allow access. Well, by default on installing ISA 2004 no one had internet access and from there on I started allowing customized access. So no need for Websense too, 'cause ISA also blocks Skype. Great day y'all.
RE: Blocking Skype.. - 3.Jul.2006 11:11:28 AM
eljohann
Posts: 1
Joined: 3.Jul.2006
Status: offline
quote:
ORIGINAL: gjasasentika
People people people, how are you all doing. No need for another software, because ISA can block Skype. While you all are trying to block Skype I am trying to allow it on my network. Yes, Skype is all blocked on my network. And please don't tell me I gave full access, because that is not the case. I gave a group HTTP access to all websites, my first rule and second HTTPS and HTTPS server access to some sites. I still have to configure Skype to allow access. Well, by default on installing ISA 2004 no one had internet access and from there on I started allowing customized access. So no need for Websense too, 'cause ISA also blocks Skype. Great day y'all.

gj, I think we are in the same situation. Anyways, I am doing the opposite thing. Skype is blocked and I am trying to allow it to certain users. I have blocked all sites except those sites which are considered official. I allowed *.skype.com. What other sites should I allow to be able to connect to Skype?
RE: Blocking Skype.. - 11.Jul.2006 9:44:28 PM
tonygauderman
Posts: 107
Joined: 6.Feb.2006
Status: offline
What protocols are you allowing and what are the symptoms you experience when you try and access Skype? Are you using the firewall client? Skype registers via http/https, but doesn't pass voice traffic over http/https, so if you can register/login to Skype, but can't make calls, you may need to look at your logs and see what's being blocked.
RE: Blocking Skype.. - 10.Aug.2006 11:10:52 PM
JEpley
Posts: 1
Joined: 10.Aug.2006
Status: offline
Has anyone made any progress on what it is going to take to block Skype? I agree that it’s going to be a header of some sort that actually puts a stop to this “Virus Like” program. For those of you that are pro Skype it’s a Virus in my opinion because of this: Skype's EULA grants Skype the use of the system on which it is installed. Article 4 of the Skype end user license agreement states, "You hereby acknowledge that the Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between Skype Software users." Any program that does that is a Virus (Trojan). So if anyone finds something that works please post it.
RE: Blocking Skype.. - 12.Aug.2006 6:03:23 PM
tshinder
Posts: 47154
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys, I don't run Skype in any of my ISA installations. Can you find out what the log on servers are? Then you can create a domain name set or a computer set and block them? Thanks! Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: Blocking Skype.. - 30.Dec.2006 2:21:41 AM
lupusrex
Posts: 1
Joined: 3.Oct.2006
Status: offline
quote:
ORIGINAL: gjasasentika
People people people, how are you all doing. No need for another software, because ISA can block well by default on installing ISA 2004 no one had internet access and from there on I started allowing customized access. So no need for Websense too, 'cause ISA also blocks Skype. Great day y'all.

Hey! You're right =) I'm checking all my policies, one of them allows the access. I just disable most of the policies and check, and surprise, no one can log in to Skype! Thanks!
RE: Blocking Skype.. - 21.Jun.2007 5:41:52 AM
mzakir
Posts: 151
Joined: 2.Apr.2007
Status: offline
I have just read these messages for blocking Skype... Is there any solution to block Skype? I am also facing the same problem: some of my office users can connect to Skype without any problem...
_____________________________
Malek Zakir MCP,MCSA:Security,MCSA:Messaging,MCTS,CCNA,DCH
RE: Blocking Skype.. - 27.Jun.2007 5:06:53 AM
elmajdal
Posts: 5027
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Why do you allow them to use it? Install it? You can use GPO and User Software Restriction to control what apps can be installed into your LAN.
_____________________________
Tarek Majdalani MS Forefront Edge Security MVP Website : http://www.elmajdal.net/ISAServer New Section : http://www.elmajdal.net/Win2k8