Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] [ Capture Skype trafic ]

from [Nick FitzGerald] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] [ Capture Skype trafic ]
Date: Mon, 30 Oct 2006 12:28:30 +1300 
Tyop? wrote:


I need to match it on a gate, and I haven't found any "usefull" informations.


And I think you should realize by now _why_ you have not found such a 
solution.  By design, Skype should outrun such an approach.  Thus, _if_ 
you are going to (somewhat/largely) beat it _with a technical solution_ 
you will need better control of the desktops.  No more "local admin" 
rights for those who really do not need it (most folk in most 
companies, and most of them that _really_ do should only need it on 
development and test machines that defintely should not have Internet 
access, at least most of the time), no more "power user" rights for the 
same reasons, etc, etc.

Yes, this will expose the excessive crappiness of most of the software 
that your current obviously totally shambolic "IT infrastructure" 
depends on, but that is a good thing, as in solving those problems, 
you'll automatically remove an awful lot of your other IT problems, 
many of which you were not previously aware of the scale (or even 
existence) of and many of which you had no iea were actually related to 
security and systems design...

_If_ management is sold on the idea that it _must_ deal with Skype, 
this may be your best yet (even only) chance to get management sign-off 
on actually designing a meaningful security policy _AND_ implementing 
the proper enforcement of it.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] MS are doing Windows Updates for XP to IE7, Valdis . Kletnieks
Next by Date:  Re: [Full-disclosure] MS are doing Windows Updates for XP to IE7, Nick FitzGerald
Previous by Thread:  Re: [Full-disclosure] [ Capture Skype trafic ], Tyop?
Next by Thread:  Re: [Full-disclosure] [inbox] Re: [ Capture Skype trafic ], Exibar
Indexes:  [Date] [Thread] [Top] [All Lists]