RE: Skype use obligation - Security x Productivity

[Pradeep-Kumar.Karavadi () ubs com]

How about getting MindAlign installed. It's a security compliant IM. Many big organizations use it. Just give it a 
thought 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Javier Reyna Padilla
Sent: 17 July 2007 19:19
To: M.B.Jr.
Cc: pen-test list
Subject: Re: Skype use obligation - Security x Productivity

I think Skype is nt a professional service to send business oportunity, I am sure that this partner can implement an 
internal messaging service, like a jabber server, with acces just for the partners, one that can be audited and secured 
where theres a need to be secured. Or maybe an IM is not the solution.

M.B.Jr. wrote:
> Gentlemen,
> Iam part of a Brazilian Information Security consultancy focused on 
> the SMB market segment and we're facing sth new.
>
> We're used to see some companies offering partnership transactions 
> through web apps but this time we're dealing with the obligation of 
> sheltering a new service.
>
> Some backgound:
> one of our customers has its network pretty restricted, following ISO
> 27001 and ISO 17799 that is to say, all of the services within their 
> network were carefully chosen and deployed.
> Their network itself was meticulously designed.
>
> Now,
> one big partner they have is forcing them to install Skype in order to 
> keep'em up to receive new business opportunities.
>
> Well,
> Skype is against their policies.
> I was asked about how hazardous this could be to their network and I
> said:
> "no, Skype is not ok because it lacks transparency concerning your 
> firewalls, bridges, proxies and etc."
>
> Not to mention its port agile features.
>
> But,
> did not give one final word yet...
>
> The network's stability is my team's responsibility.
>
> What to do? Risk their efforts in obtaining ISO certification?
> Guess we need to hear some other professionals.
>
> Thank you,
> any comment will be extremmely useful.


--
¡Saludos!

________________

Javier Reyna
CCSA CCSE WCSE NSA NSP
Consultor en Seguridad
jreyna () onlinet com mx
www.onlinet.com.mx


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

Visit our website at http://www.ubs.com

This message contains confidential information and is intended only
for the individual named.  If you are not the named addressee you
should not disseminate, distribute or copy this e-mail.  Please
notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.

E-mails are not encrypted and cannot be guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses.  The sender
therefore does not accept liability for any errors or omissions in the
contents of this message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.  This
message is provided for informational purposes and should not be
construed as a solicitation or offer to buy or sell any securities
or related financial instruments.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------