[opensuse-security] Blocking one specific user on skype from connecting to users inside my network?
Hello all. I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network. (Company problems). I have tried to find sollutions on the net, but havent found anything i can use. (Or so i think) Scenario: User X is trying to subvert ppl in my organisation through skype. (We use skype for communication to customers, so i cant just block all of it. I still need to have it running.) I need to block user X from connecting "in". And i need to block ppl from the inside to initiate connections "out" to user X is there any way to do this on a corporate level, or do i have to restrict every single account? I cant lock users down any more than i have, so setting them as "restricted users" wont work. They still need to gave "deeper" access to their machines. -- /Rikard Johnels
On Sunday 20 of December 2009 15:16:39 Rikard Johnels wrote:
Hello all.
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows proxying on several levels to enable communication through different network setups of varying complexity and/or through various access controls. Best regards, -- Jure Koren, n.i.
Hello all.
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows proxying on several levels to enable communication through different network setups of varying complexity and/or through various access controls.
True. What might help you is a policy restriction on your employee's activities. The technical solution for a human problem doesn't work in this case (again). Roman. -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows proxying on several levels to enable communication through different network setups of varying complexity and/or through various access controls.
True. What might help you is a policy restriction on your employee's activities. The technical solution for a human problem doesn't work in this case (again).
You could back it up with some kind of automated detection. It doesn't have to be 100%, it just has to be believable. That way, people will know they shouldn't and believe they have a chance of getting caught if they do. I believe (experts could correct me here) that skype uses the central servers for directory services and then establishes a direct PC - PC connection for the conversation. That direct link could be detected, even if the contents can't be read. And there must be a way with skype to find the person's IP address, even if it changes. David -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Mon, Dec 21, 2009 at 12:31:56PM -0000, Administrator wrote:
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows proxying on several levels to enable communication through different network setups of varying complexity and/or through various access controls.
True. What might help you is a policy restriction on your employee's activities. The technical solution for a human problem doesn't work in this case (again).
You could back it up with some kind of automated detection. It doesn't have to be 100%, it just has to be believable. That way, people will know they shouldn't and believe they have a chance of getting caught if they do.
I believe (experts could correct me here) that skype uses the central servers for directory services and then establishes a direct PC - PC connection for the conversation. That direct link could be detected, even if the contents can't be read.
And there must be a way with skype to find the person's IP address, even if it changes.
Well it is not that easy. Anyway, to block a single user from using skype ... Perhaps talking to him will help more. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (5)
-
Administrator -
Jure Koren -
Marcus Meissner -
Rikard Johnels -
Roman Drahtmueller