*>>Once he's made up my mind, it is going to happen, regardless of any subordinate's[1] wishes. *
Especially if they cannot be articulated in a useful manner. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * On Fri, Dec 31, 2010 at 8:56 AM, Jonathan Link <[email protected]>wrote: > It appears that this discussion is no longer germane to your original > post. At the very least you're not finding agreement with your point of > view. > In your OP you said you were being forced to accept Skype. It's doubtful > that any security concerns you raise will cause management to change their > mind. Their decision has been made, you make it happen, share your security > concerns so they're noted for the record, implement their requested software > based on the business need and move on. As one of the partners in my firm > loves to say, don't show my the pain, show me the baby. Once he's made up > my mind, it is going to happen, regardless of any subordinate's[1] wishes. > This is all very familiar[2]. > > [1] I have had success in raising concerns to other receptive partners and > having him back track, but that's a political move, not a technical move. > [2] Have we had a similar discussion before? > > On Fri, Dec 31, 2010 at 2:01 AM, Kurt Buff <[email protected]> wrote: > >> True, but... >> >> As I'll keep hammering on - the traffic for other apps is much more >> transparent than that for skype, and NIDS systems, such as snort, >> etc., can help with the other apps, but absolutely cannot help with >> skype. >> >> Kurt >> >> On Thu, Dec 30, 2010 at 21:28, Andrew S. Baker <[email protected]> wrote: >> >>>It's also precisely how exploitations begin, not merely DoSes. >> > >> > Well then, it's a good thing that none of the other software we >> > use ever behaves like that. >> > >> > ASB (My XeeSM Profile) >> > Exploiting Technology for Business Advantage... >> > >> > >> > >> > On Thu, Dec 30, 2010 at 11:29 PM, Kurt Buff <[email protected]> >> wrote: >> >> >> >> It's also precisely how exploitations begin, not merely DoSes. >> >> >> >> On Thu, Dec 30, 2010 at 14:51, Andrew S. Baker <[email protected]> >> wrote: >> >> >>>Really? A delay in response causes a crash in client software? >> Really? >> >> > Isn't that precisely how a DoS works? >> >> > Did you read the whole article or just the summary? The "client" >> >> > software, as you noted before, is operating in P2P mode, so it is >> both >> >> > client and server software, depending on the type of activity being >> >> > performed at that time. >> >> > While a regrettable problem, it wasn't inconceivable that something >> like >> >> > this could happen if things lined up right. >> >> > >> >> > ASB (My XeeSM Profile) >> >> > Exploiting Technology for Business Advantage... >> >> > >> >> > >> >> > >> >> > On Thu, Dec 30, 2010 at 5:02 PM, Kurt Buff <[email protected]> >> wrote: >> >> >> >> >> >> Oh, and I just saw this: >> >> >> >> >> >> http://blogs.skype.com/en/2010/12/cio_update.html: "On Wednesday, >> >> >> December 22, a cluster of support servers responsible for offline >> >> >> instant messaging became overloaded. As a result of this overload, >> >> >> some Skype clients received delayed responses from the overloaded >> >> >> servers. In a version of the Skype for Windows client (version >> >> >> 5.0.0152), the delayed responses from the overloaded servers were >> not >> >> >> properly processed, causing Windows clients running the affected >> >> >> version to crash." >> >> >> >> >> >> Really? A delay in response causes a crash in client software? >> Really? >> >> >> >> >> >> I'm glad it's fixed in the newest versions, but wow... >> >> >> >> >> >> Now, I must qualify my concern - I don't care nearly as much about >> >> >> skype on phones - they're not going to live on my production >> network, >> >> >> and phones running Good software have corporate data relatively well >> >> >> protected. Smartphones will live on a guest network. It's the >> >> >> workstations I'm concerned about. >> >> >> >> >> >> Kurt >> >> >> >> >> >> On Thu, Dec 30, 2010 at 12:25, Andrew S. Baker <[email protected]> >> >> >> wrote: >> >> >> > What's your main concern with Skype? >> >> >> > What aspect of security is your focus? >> >> >> > >> >> >> > ASB (My XeeSM Profile) >> >> >> > Exploiting Technology for Business Advantage... >> >> >> > >> >> >> > >> >> >> > >> >> >> > On Thu, Dec 30, 2010 at 3:15 PM, Kurt Buff <[email protected]> >> >> >> > wrote: >> >> >> >> >> >> >> >> This is pretty old, but I'm now being forced to allow skype on >> our >> >> >> >> network, and I'm pretty unhappy about it.. >> >> >> >> >> >> >> >> Ken, is your firm still allowing skype, and if so, can you speak >> to >> >> >> >> what your security folks did to make themselves happy about >> allowing >> >> >> >> skype? >> >> >> >> >> >> >> >> Has anyone else here done a security review that gave them a >> >> >> >> decision >> >> >> >> one way or the other about allowing it? >> >> >> >> >> >> >> >> Kurt >> >> >> >> >> >> >> >> On Thu, Jan 15, 2009 at 08:12, Ken Cornetet >> >> >> >> <[email protected]> >> >> >> >> wrote: >> >> >> >> > We are deploying it here to a few users. >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > I’m using group policy to turn off being a supernode, >> downloads, >> >> >> >> > listening >> >> >> >> > on tcp ports, and 3rd party access to the Skype API. >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > Our security folks reviewed it and are happy. >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > From: Tim Evans [mailto:[email protected]] >> >> >> >> > Sent: Thursday, January 15, 2009 11:01 AM >> >> >> >> > To: NT System Admin Issues >> >> >> >> > Subject: Skype >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > Has anyone looked at Skype recently? We’ve got a client that >> >> >> >> > wants >> >> >> >> > us >> >> >> >> > to >> >> >> >> > use Skype for communications with them. I’ve always been a >> little >> >> >> >> > leery >> >> >> >> > of >> >> >> >> > using them in a business environment, but looking at it now, I >> see >> >> >> >> > they >> >> >> >> > have >> >> >> >> > a MSI download for easy deployment and a group policy template >> for >> >> >> >> > central >> >> >> >> > administration of settings. It all looks pretty cool. While the >> >> >> >> > security >> >> >> >> > guy >> >> >> >> > in me wants to say no, I’m having a hard time finding a reason >> not >> >> >> >> > to >> >> >> >> > say >> >> >> >> > OK. >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > I’m curious what the members of this esteemed group think about >> it >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > …Tim >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
