Re: Skype / Vsee

[W W <crackd () gmail com>]

Can you provide a reason as to why you chose not to use Skype on your
network?  Reading some of the other posts to my question I see some
adversity because there is  potential for an individual to use the
chat program to "leak" sensitive information.  However, the other
argument to that would be users can use any number of other methods to
accomplish the same thing.  I could use gmail, yahoo mail, etc.  Or I
could setup my own web based email system at home to connect to.  Then
you have USB devices to contend with.  So unless you have secured
everyone of those avenues blocking out Skype or other IM client seems
almost like a waste of time.

I guess what I'm looking for are there any good practices for setting
up Skype or Vsee that doesn't expose the system itself to compromise?
Some of the Skype documentation is dated.

Appreciate your feedback.

Thanks.
W

On Fri, Mar 19, 2010 at 8:51 PM, Mork <martyfromork () gmail com> wrote:
> Hi,
>
> We've just finished a security review on Skype for a part of a provincial
> government . Our recommendation was not to use Skype, unless the machine
> using Skype is NOT connected to the main network, a stansalone machine
> hooked up independently to a service provider.
>
> Mork
>
> 2010/3/17 W W <crackd () gmail com>
> > Does anyone have any recommendations or thoughts on the use of Skype
> > or Vsee in the enterprise.  I have done some research on the
> > vulnerabilities found in the products themselves.  Quite frankly most
> > software have vuls so that doesn't buy me a whole lot.  What security
> > risks are we exposing ourselves too by allowing these products into
> > our network?  Are there any good references or guidelines for locking
> > these products down in order to mitigate any risks?
> >
> > (I know this may have been talked about in the past, but there isn't a
> > way to search through the archives of this list.  At least not through
> > the "new" web interface" of SecurityFocus.)
> >
> > Thanks.
> > W
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate.  We look at how SSL works, how it benefits your company and how
> > your customers can tell if a site is secure. You will find out how to test,
> > purchase, install and use a thawte Digital Certificate on your Apache web
> > server. Throughout, best practices for set-up are highlighted to help you
> > ensure efficient ongoing management of your encryption keys and digital
> > certificates.
> >
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
>
>
> --
> *****************
> Mork

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------