[opensuse-security] Blocking one specific user on skype from connecting to users inside my network?
Hello all.
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network. (Company problems).
I have tried to find sollutions on the net, but havent found anything i can use. (Or so i think)
Scenario:
User X is trying to subvert ppl in my organisation through skype. (We use skype for communication to customers, so i cant just block all of it. I still need to have it running.)
I need to block user X from connecting "in". And i need to block ppl from the inside to initiate connections "out" to user X
is there any way to do this on a corporate level, or do i have to restrict every single account? I cant lock users down any more than i have, so setting them as "restricted users" wont work. They still need to gave "deeper" access to their machines.
On Sunday 20 of December 2009 15:16:39 Rikard Johnels wrote:
Hello all.
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows proxying on several levels to enable communication through different network setups of varying complexity and/or through various access controls.
Best regards,
Hello all.
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by ppl on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows proxying on several levels to enable communication through different network setups of varying complexity and/or through various access controls.
True. What might help you is a policy restriction on your employee's activities. The technical solution for a human problem doesn't work in this case (again).
Roman.
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by
ppl
on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows
proxying on
several levels to enable communication through different network setups
of
varying complexity and/or through various access controls.
True. What might help you is a policy restriction on your employee's activities. The technical solution for a human problem doesn't work in this case (again).
You could back it up with some kind of automated detection. It doesn't have to be 100%, it just has to be believable. That way, people will know they shouldn't and believe they have a chance of getting caught if they do.
I believe (experts could correct me here) that skype uses the central servers for directory services and then establishes a direct PC - PC connection for the conversation. That direct link could be detected, even if the contents can't be read.
And there must be a way with skype to find the person's IP address, even if it changes.
David
On Mon, Dec 21, 2009 at 12:31:56PM -0000, Administrator wrote:
I have a rather specific problem: I need to block one specific skype user to contact or be contacted by
ppl
on the inside of my network.
This is not feasible. Skype's protocols are encrypted and allows
proxying on
several levels to enable communication through different network setups
of
varying complexity and/or through various access controls.
True. What might help you is a policy restriction on your employee's activities. The technical solution for a human problem doesn't work in this case (again).
You could back it up with some kind of automated detection. It doesn't have to be 100%, it just has to be believable. That way, people will know they shouldn't and believe they have a chance of getting caught if they do.
I believe (experts could correct me here) that skype uses the central servers for directory services and then establishes a direct PC - PC connection for the conversation. That direct link could be detected, even if the contents can't be read.
And there must be a way with skype to find the person's IP address, even if it changes.
Well it is not that easy.
Anyway, to block a single user from using skype ... Perhaps talking to him will help more.
Ciao, Marcus
-
Administrator -
Jure Koren -
Marcus Meissner -
Rikard Johnels -
Roman Drahtmueller