Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Skype use obligation - Security x Productivity

from [Doug Schlachta] Network Security [Permanent Link]
Subject: Re: Skype use obligation - Security x Productivity
Date: Tue, 17 Jul 2007 05:16:56 -0700 (PDT) 
Marcio,
 
 
I have also run into the same dilemma with the usage of Skype,
 
I did find one possible solution, that is a phone based Skype appliance.
The main advantage of this appliance product is that there is no vulnerability 
in giving Skype access to the internal network as it in utilized via the PBX or 
any form of telco system.
 
Check out this link for more information.
 
http://www.industrydynamics.ca/
 
In there look at the Skype for Enterprise.
 
I found this product very interesting and not infringing upon any ISO 
Certifications.
 
Regards 
Douglas Schlachta 
CISSP, SSCP, MCSE;Security, MCSE, CFOT 
Senior Security Professional
 


----- Original Message ----
From: M.B.Jr. <marcio.barbado@gmail.com>
To: pen-test list <pen-test@securityfocus.com>
Sent: Monday, July 16, 2007 5:56:12 PM
Subject: Skype use obligation - Security x Productivity


Gentlemen,
Iam part of a Brazilian Information Security consultancy focused on
the SMB market segment and we're facing sth new.

We're used to see some companies offering partnership transactions
through web apps but this time we're dealing with the obligation of
sheltering a new service.

Some backgound:
one of our customers has its network pretty restricted, following ISO
27001 and ISO 17799 that is to say, all of the services within their
network were carefully chosen and deployed.
Their network itself was meticulously designed.

Now,
one big partner they have is forcing them to install Skype in order to
keep'em up to receive new business opportunities.

Well,
Skype is against their policies.
I was asked about how hazardous this could be to their network and I said:
"no, Skype is not ok because it lacks transparency concerning your
firewalls, bridges, proxies and etc."

Not to mention its port agile features.

But,
did not give one final word yet...

The network's stability is my team's responsibility.

What to do? Risk their efforts in obtaining ISO certification?
Guess we need to hear some other professionals.

Thank you,
any comment will be extremmely useful.



-- 
Marcio Barbado, Jr.
==============
==============

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Skype use obligation - Security x Productivity, Cedric Blancher
Next by Date:  Re: Wireless assessment, Cedric Blancher
Previous by Thread:  RE: Skype use obligation - Security x Productivity, aSEC
Next by Thread:  [Full-disclosure] [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability, Gary Oleary-Steele
Indexes:  [Date] [Thread] [Top] [All Lists]