pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Skype use obligation - Security x Productivity

from [Javier Reyna Padilla] [Permanent Link][Original]
To: "M.B.Jr." <marcio.barbado@gmail.com>
Subject: Re: Skype use obligation - Security x Productivity
From: Javier Reyna Padilla <jreyna@onlinet.com.mx>
Date: Tue, 17 Jul 2007 08:48:35 -0500
Cc: pen-test list <pen-test@securityfocus.com>
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
In-reply-to: <2df3b0cb0707161456j4363b7e4hd06f20854b1fddbc@mail.gmail.com>
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
References: <2df3b0cb0707161456j4363b7e4hd06f20854b1fddbc@mail.gmail.com>
Resent-date: Tue, 17 Jul 2007 22:59:20 -0600 (MDT)
Resent-from: pen-test-return-1078484615@securityfocus.com
Resent-message-id: <20070718045920.8471C143F41@outgoing2.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com
User-agent: Thunderbird 2.0.0.4 (X11/20070703) 
I think Skype is nt a professional service to send business oportunity,
I am sure that this partner can implement an internal messaging service,
like a jabber server, with acces just for the partners, one that can be
audited and secured where theres a need to be secured. Or maybe an IM is
not the solution.

M.B.Jr. wrote:
> Gentlemen,
> Iam part of a Brazilian Information Security consultancy focused on
> the SMB market segment and we're facing sth new.
>
> We're used to see some companies offering partnership transactions
> through web apps but this time we're dealing with the obligation of
> sheltering a new service.
>
> Some backgound:
> one of our customers has its network pretty restricted, following ISO
> 27001 and ISO 17799 that is to say, all of the services within their
> network were carefully chosen and deployed.
> Their network itself was meticulously designed.
>
> Now,
> one big partner they have is forcing them to install Skype in order to
> keep'em up to receive new business opportunities.
>
> Well,
> Skype is against their policies.
> I was asked about how hazardous this could be to their network and I
> said:
> "no, Skype is not ok because it lacks transparency concerning your
> firewalls, bridges, proxies and etc."
>
> Not to mention its port agile features.
>
> But,
> did not give one final word yet...
>
> The network's stability is my team's responsibility.
>
> What to do? Risk their efforts in obtaining ISO certification?
> Guess we need to hear some other professionals.
>
> Thank you,
> any comment will be extremmely useful.
>
>
>


-- 
¡Saludos!

________________

Javier Reyna 
CCSA CCSE WCSE NSA NSP
Consultor en Seguridad
jreyna@onlinet.com.mx
www.onlinet.com.mx


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mile2 Training (Certifications), Andrew Blyth
Next by Date:  Re: Skype use obligation - Security x Productivity, Cedric Blancher
Previous by Thread:  Re: Skype use obligation - Security x Productivity, Mister Dookie
Next by Thread:  RE: Skype use obligation - Security x Productivity, Pradeep-Kumar . Karavadi
Indexes:  [Date] [Thread] [Top] [All Lists]