Educause Security Discussion mailing list archives
Re: Policy around IP Phones, Skype, etc.
From: David Gillett <gillettdavid () FHDA EDU>
Date: Wed, 25 Oct 2006 15:18:28 -0700
While in theory one can use Skype entirely "below the radar", in practice clients seem to eventually try to connect on port 33033 or 54045, or to ui.skype.com. You don't have to catch *all* the traffic to detect it, just *any* of the traffic. What's tricky is BLOCKING it once it's detected, since it will resort to 80 and 443 if it's not getting through on higher ports. David Gillett _____ From: Bruce Barrett [mailto:bbarrett () ccri edu] Sent: Wednesday, October 25, 2006 12:36 PM To: gillettdavid () fhda edu; SECURITY () LISTSERV EDUCAUSE EDU Subject: RE: [SECURITY] Policy around IP Phones, Skype, etc. Does anyone know how to detect that Skype is being used on network? It doesn't look that straightforward. Thanks. Bruce _____ From: David Gillett [mailto:gillettdavid () FHDA EDU] Sent: Wednesday, October 25, 2006 2:37 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Policy around IP Phones, Skype, etc. We have concerns which currently lead us to block these: 1. Our backbone doesn't yet do QoS. 2. Skype can be used as a file delivery mechanism; I believe there have already been attempts to release Skype-based worms. 3. Skype clients relay for third parties; we interpret this as a violation of the ToS from our state-funded ISP. 4. Firewalls are policy enforcement devices. When you engineer an application like Skype to sidestep firewalls, what you are building is a policy violation device. 5. We have a perfectly good campus phone system. If a user has a need it's not meeting, we'd like them to talk to us and not just try to "fix" it themselves. David Gillett _____ From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] Sent: Wednesday, October 25, 2006 9:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Policy around IP Phones, Skype, etc. Does anyone have thoughts - or an actual policy - regarding the use of IP Phones or software such as Skype, etc. that they are willing to share? Thanks! Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC IT Security Officer Brown University Box 1885, Providence, RI 02912 <mailto:Connie_Sadler () Brown edu> Connie_Sadler () Brown edu Office: 401-863-7266 PGP Key: <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
Current thread:
- Policy around IP Phones, Skype, etc. Sadler, Connie (Oct 25)
- <Possible follow-ups>
- Re: Policy around IP Phones, Skype, etc. Christopher E. Cramer (Oct 25)
- Re: Policy around IP Phones, Skype, etc. David Gillett (Oct 25)
- Re: Policy around IP Phones, Skype, etc. Cal Frye (Oct 25)
- Re: Policy around IP Phones, Skype, etc. Bruce Barrett (Oct 25)
- Re: Policy around IP Phones, Skype, etc. David Gillett (Oct 25)
- Re: Policy around IP Phones, Skype, etc. Jones, Dan (Oct 25)
- Re: Policy around IP Phones, Skype, etc. Nick Lewis (Oct 25)
- Re: Policy around IP Phones, Skype, etc. Steve Schuster (Oct 26)
- Re: Policy around IP Phones, Skype, etc. jkaftan (Nov 27)