Firewall Wizards mailing list archives
Re: Sidewinder and Skype
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Fri, 23 Mar 2007 00:04:15 +0100
Hi! On Thu, Mar 22, 2007 at 05:41:57PM -0500, K K wrote:
Funny, one of my support complaints to Secure Computing is that there is no secure way to *enable* Skype through a Sidewinder G2 without also opening up all other P2P protocols.
You know the attached paper? Yes, socks is evil. But you still can control this stuff with host based security products (if your users do not have local administrative privileges). I endorse and sell F-Secure's client security suite, which lets you centrally control which application is allowed to open which network connection. So you could permit Skype but not ... whatever ... to use the Socks proxy. Implied you are running Windows on >90% of all desks and the remaining CAD workstations running HP-UX or graphics/layout workstations running Mac OS X can be considered to have users of a sufficiently higher clue level ;-) Well, of course the most common complaint about <insert your firewall> is, "it does not support application X". Answer: that's not the job of a firewall. A firewall is a policy enforcement device. Please provide enough evidence to the claim that "application X adheres to our policy". Caveat: you will need a defined and written policy first.
We had a couple of other vendors claim to "detect" Skype traffic, but they actually only do just enough detection to be able to sometimes block it, not nearly accurate enough to use to write a permit policy.
Neither does Sidewinder. It simply enforces a positive security model that Skype does not pass. Period. Kind regards, Patrick M. Hausen Leiter Netzwerke und Sicherheit -- punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe Tel. 0721 9109 0 * Fax 0721 9109 100 info () punkt de http://www.punkt.de Gf: Jürgen Egeling AG Mannheim 108285
Attachment:
SkypeV2_1.pdf
Description:
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Sidewinder and Skype Patrick M. Hausen (Mar 22)