Everyone knows that all of the concerning behavior can be disabled
correct, or does no one read the documentation?
Consulting the network admins guide on their site, specifically in
reference to the following registry keys:
HKLM\Software\Policies\Skype\Phone\DisableApi
HKLM\Software\Policies\Skype\Phone\DisableFileTransfer
HKLM\Software\Policies\Skype\Phone\DisableSupernode
Furthermore, you can set Skype to disable listening for inbound TCP
connections, restrict the ports it uses/et cetera.
All of this reduces the problem to a previous one, which is
administrative access to the machine.
On 7/16/07, Roland Dobbins <rdobbins@cisco.com> wrote:
On Jul 16, 2007, at 2:56 PM, M.B.Jr. wrote:
> Guess we need to hear some other professionals.
I disagree with this characterization - I don't think Skype's network
behavior risks any certifications at all (for example, the Skype
could be profiled using a NetFlow-based behavioral anomaly-detection
system, for example, irrespective of its port/protocol selection),
there's nothing in any of those standards which would seem to imply
that, AFAICT. The bigger risk with Skype, IMHO, is the 'supernode'
functionality which can result in one's conversations being relayed
by random nodes beyond one's control and/or one's own Skype nodes
acting as a supernode relay for the calls of others. It also uses a
closed-source encryption scheme which hasn't been subjected to peer
review.
There are some ways to restrict Skype functionality either using
Skype and/or Skype partner add-ons as well as third-party solutions
which can restrict host application behavior. The supernode
functionality, AFAIK, is hardcoded.
Another option would be something along the lines of a Skype-to-SIP
gateway (I think there's at least one commercially available) which
would allow your customer to use SIP handsets or softphones to
communicate with the gateway, which would then proxy the calls to/
from Skype.
But making the assumption that the mere presence of Skype on the
network would somehow result in loss of certification is a bit of a
stretch, IMHO.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer
http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer
http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
|