Penetration Testing mailing list archives

Re: Skype use obligation - Security x Productivity

From: Javier Reyna Padilla <jreyna () onlinet com mx>
Date: Tue, 17 Jul 2007 08:48:35 -0500

I think Skype is nt a professional service to send business oportunity,
I am sure that this partner can implement an internal messaging service,
like a jabber server, with acces just for the partners, one that can be
audited and secured where theres a need to be secured. Or maybe an IM is
not the solution.

M.B.Jr. wrote:

Gentlemen,
Iam part of a Brazilian Information Security consultancy focused on
the SMB market segment and we're facing sth new.

We're used to see some companies offering partnership transactions
through web apps but this time we're dealing with the obligation of
sheltering a new service.

Some backgound:
one of our customers has its network pretty restricted, following ISO
27001 and ISO 17799 that is to say, all of the services within their
network were carefully chosen and deployed.
Their network itself was meticulously designed.

Now,
one big partner they have is forcing them to install Skype in order to
keep'em up to receive new business opportunities.

Well,
Skype is against their policies.
I was asked about how hazardous this could be to their network and I
said:
"no, Skype is not ok because it lacks transparency concerning your
firewalls, bridges, proxies and etc."

Not to mention its port agile features.

But,
did not give one final word yet...

The network's stability is my team's responsibility.

What to do? Risk their efforts in obtaining ISO certification?
Guess we need to hear some other professionals.

Thank you,
any comment will be extremmely useful.



-- 
¡Saludos!

________________

Javier Reyna 
CCSA CCSE WCSE NSA NSP
Consultor en Seguridad
jreyna () onlinet com mx
www.onlinet.com.mx


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

Current thread:

Skype use obligation - Security x Productivity M . B . Jr . (Jul 16)
- Re: Skype use obligation - Security x Productivity Javier O. Augusto (Jul 17)
  - RE: Skype use obligation - Security x Productivity Pretorius, Wynand (ZA - Johannesburg) (Jul 18)
    - Re: Skype use obligation - Security x Productivity M . B . Jr . (Jul 18)
    - Re: Skype use obligation - Security x Productivity Roland Dobbins (Jul 20)
    - Re: Skype use obligation - Security x Productivity M . B . Jr . (Jul 20)
    - Re: Skype use obligation - Security x Productivity Mister Dookie (Jul 20)
- Re: Skype use obligation - Security x Productivity Javier Reyna Padilla (Jul 17)
  - RE: Skype use obligation - Security x Productivity Pradeep-Kumar . Karavadi (Jul 17)
- Re: Skype use obligation - Security x Productivity Roland Dobbins (Jul 17)
  - Re: Skype use obligation - Security x Productivity Cedric Blancher (Jul 17)
    - Re: Skype use obligation - Security x Productivity Roland Dobbins (Jul 17)
  - Re: Skype use obligation - Security x Productivity Justin Ferguson (Jul 20)
    - Re: Skype use obligation - Security x Productivity Roland Dobbins (Jul 20)
- Re: Skype use obligation - Security x Productivity Cedric Blancher (Jul 17)
- RE: Skype use obligation - Security x Productivity aSEC (Jul 20)
- <Possible follow-ups>
- Re: Skype use obligation - Security x Productivity Doug Schlachta (Jul 17)