It appears that this discussion is no longer germane to your original post. At the very least you're not finding agreement with your point of view. In your OP you said you were being forced to accept Skype. It's doubtful that any security concerns you raise will cause management to change their mind. Their decision has been made, you make it happen, share your security concerns so they're noted for the record, implement their requested software based on the business need and move on. As one of the partners in my firm loves to say, don't show my the pain, show me the baby. Once he's made up my mind, it is going to happen, regardless of any subordinate's[1] wishes. This is all very familiar[2].
[1] I have had success in raising concerns to other receptive partners and having him back track, but that's a political move, not a technical move. [2] Have we had a similar discussion before? On Fri, Dec 31, 2010 at 2:01 AM, Kurt Buff <kurt.b...@gmail.com> wrote: > True, but... > > As I'll keep hammering on - the traffic for other apps is much more > transparent than that for skype, and NIDS systems, such as snort, > etc., can help with the other apps, but absolutely cannot help with > skype. > > Kurt > > On Thu, Dec 30, 2010 at 21:28, Andrew S. Baker <asbz...@gmail.com> wrote: > >>>It's also precisely how exploitations begin, not merely DoSes. > > > > Well then, it's a good thing that none of the other software we > > use ever behaves like that. > > > > ASB (My XeeSM Profile) > > Exploiting Technology for Business Advantage... > > > > > > > > On Thu, Dec 30, 2010 at 11:29 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > >> > >> It's also precisely how exploitations begin, not merely DoSes. > >> > >> On Thu, Dec 30, 2010 at 14:51, Andrew S. Baker <asbz...@gmail.com> > wrote: > >> >>>Really? A delay in response causes a crash in client software? > Really? > >> > Isn't that precisely how a DoS works? > >> > Did you read the whole article or just the summary? The "client" > >> > software, as you noted before, is operating in P2P mode, so it is both > >> > client and server software, depending on the type of activity being > >> > performed at that time. > >> > While a regrettable problem, it wasn't inconceivable that something > like > >> > this could happen if things lined up right. > >> > > >> > ASB (My XeeSM Profile) > >> > Exploiting Technology for Business Advantage... > >> > > >> > > >> > > >> > On Thu, Dec 30, 2010 at 5:02 PM, Kurt Buff <kurt.b...@gmail.com> > wrote: > >> >> > >> >> Oh, and I just saw this: > >> >> > >> >> http://blogs.skype.com/en/2010/12/cio_update.html: "On Wednesday, > >> >> December 22, a cluster of support servers responsible for offline > >> >> instant messaging became overloaded. As a result of this overload, > >> >> some Skype clients received delayed responses from the overloaded > >> >> servers. In a version of the Skype for Windows client (version > >> >> 5.0.0152), the delayed responses from the overloaded servers were not > >> >> properly processed, causing Windows clients running the affected > >> >> version to crash." > >> >> > >> >> Really? A delay in response causes a crash in client software? > Really? > >> >> > >> >> I'm glad it's fixed in the newest versions, but wow... > >> >> > >> >> Now, I must qualify my concern - I don't care nearly as much about > >> >> skype on phones - they're not going to live on my production network, > >> >> and phones running Good software have corporate data relatively well > >> >> protected. Smartphones will live on a guest network. It's the > >> >> workstations I'm concerned about. > >> >> > >> >> Kurt > >> >> > >> >> On Thu, Dec 30, 2010 at 12:25, Andrew S. Baker <asbz...@gmail.com> > >> >> wrote: > >> >> > What's your main concern with Skype? > >> >> > What aspect of security is your focus? > >> >> > > >> >> > ASB (My XeeSM Profile) > >> >> > Exploiting Technology for Business Advantage... > >> >> > > >> >> > > >> >> > > >> >> > On Thu, Dec 30, 2010 at 3:15 PM, Kurt Buff <kurt.b...@gmail.com> > >> >> > wrote: > >> >> >> > >> >> >> This is pretty old, but I'm now being forced to allow skype on our > >> >> >> network, and I'm pretty unhappy about it.. > >> >> >> > >> >> >> Ken, is your firm still allowing skype, and if so, can you speak > to > >> >> >> what your security folks did to make themselves happy about > allowing > >> >> >> skype? > >> >> >> > >> >> >> Has anyone else here done a security review that gave them a > >> >> >> decision > >> >> >> one way or the other about allowing it? > >> >> >> > >> >> >> Kurt > >> >> >> > >> >> >> On Thu, Jan 15, 2009 at 08:12, Ken Cornetet > >> >> >> <ken.corne...@kimball.com> > >> >> >> wrote: > >> >> >> > We are deploying it here to a few users. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > I’m using group policy to turn off being a supernode, downloads, > >> >> >> > listening > >> >> >> > on tcp ports, and 3rd party access to the Skype API. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Our security folks reviewed it and are happy. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > From: Tim Evans [mailto:tev...@sparling.com] > >> >> >> > Sent: Thursday, January 15, 2009 11:01 AM > >> >> >> > To: NT System Admin Issues > >> >> >> > Subject: Skype > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Has anyone looked at Skype recently? We’ve got a client that > >> >> >> > wants > >> >> >> > us > >> >> >> > to > >> >> >> > use Skype for communications with them. I’ve always been a > little > >> >> >> > leery > >> >> >> > of > >> >> >> > using them in a business environment, but looking at it now, I > see > >> >> >> > they > >> >> >> > have > >> >> >> > a MSI download for easy deployment and a group policy template > for > >> >> >> > central > >> >> >> > administration of settings. It all looks pretty cool. While the > >> >> >> > security > >> >> >> > guy > >> >> >> > in me wants to say no, I’m having a hard time finding a reason > not > >> >> >> > to > >> >> >> > say > >> >> >> > OK. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > I’m curious what the members of this esteemed group think about > it > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > …Tim > >> >> >> > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
