blocking the voice chat in Skype (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> General



Message


fadi1982 -> blocking the voice chat in Skype (18.Jul.2007 7:45:40 AM)

Hi,
I want to block the voice chat in Skype, I blocked it in msn messenger, yahoo so the employees are switching to Skype to voice chat, I dont care if they can use Skype because I know fully stoping Skype is very hard because it use HTTPS, so I just want to know the port it use to pass the voice traffic.




tshinder -> RE: blocking the voice chat in Skype (18.Jul.2007 8:18:30 AM)

Use the Firewall client to block application access using the application image name in the Firewall client configuration section at the ISA Firewall.

HTH,
Tom




ferrix -> RE: blocking the voice chat in Skype (18.Jul.2007 8:35:31 AM)

Yeah it's pretty insidious.  Skype can actually tunnel the voice over SSL on :443.  Read the skype technical faq some time it's interesting... their "it just works" paradigm is great for users, but means it's designed to sneak through security systems.

Of course if your ISA server was inspecting outbound HTTPS traffic this would be stopped in its tracks, but you need a third party filter for that.  Your call whether that would be more hassle than deploying firewall client. 




fadi1982 -> RE: blocking the voice chat in Skype (18.Jul.2007 8:42:59 AM)

I think Microsoft should work on the Skype issue more because its a nightmare for network administrators, when Skype did this they asked for a challenge but unofrtunatly MS didnt take the challenge seriously.




fadi1982 -> RE: blocking the voice chat in Skype (18.Jul.2007 8:44:47 AM)

quote:

ORIGINAL: tshinder

Use the Firewall client to block application access using the application image name in the Firewall client configuration section at the ISA Firewall.

HTH,
Tom

the problem is many employee bring their laptops with them and I have a wireless connection that assign ips via DHCP so its NAT there is no FW.




tshinder -> RE: blocking the voice chat in Skype (18.Jul.2007 3:48:33 PM)

Don't let them do that. If management sees it as a problem, then block there wireless access or allow them to get to a pre-defined set of sites.

Or wait for the next version of ISA which will do this, or get Websense now :)

HTH,
Tom




Page: [1]