Re: [fw-wiz] Sidewinder and Skype

To: K K <kkadow@gmail.com>
Subject: Re: [fw-wiz] Sidewinder and Skype
From: "Patrick M. Hausen" <hausen@punkt.de>
Date: Fri, 23 Mar 2007 00:04:15 +0100
Cc: firewall-wizards@listserv.cybertrust.com

Hi!

On Thu, Mar 22, 2007 at 05:41:57PM -0500, K K wrote:

> Funny, one of my support complaints to Secure Computing is that there
> is no secure way to *enable* Skype through a Sidewinder G2 without
> also opening up all other P2P protocols.

You know the attached paper? Yes, SOCKS is evil. But you still can
control this stuff with host-based security products (if your users
do not have local administrative privileges). I endorse and sell
F-Secure's client security suite, which lets you centrally control
which application is allowed to open which network connection.
So you could permit Skype but not ... whatever ... to use the
SOCKS proxy.

Implied you are running Windows on >90% of all desks and the
remaining CAD workstations running HP-UX or graphics/layout
workstations running Mac OS X can be considered to have users
of a sufficiently higher clue level ;-)


Well, of course the most common complaint about <insert your firewall>
is, "it does not support application X".

Answer: that's not the job of a firewall. A firewall is a policy
enforcement device. Please provide enough evidence for the claim that
"application X adheres to our policy".
Caveat: you will need a defined and written policy first.

> We had a couple of other vendors claim to "detect" Skype traffic, but
> they actually only do just enough detection to be able to sometimes
> block it, not nearly accurate enough to use to write a permit policy.

Neither does Sidewinder. It simply enforces a positive security
model that Skype does not pass. Period.

Kind regards,
Patrick M. Hausen
Head of Networks and Security
-- 
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285

Attachment: SkypeV2_1.pdf
Description: Adobe PDF document
