whatisthesolution
asked on
Block filetransfers in Skype - But allowing phone calls/chats - D-link DFL 700 Firewall
Hi,
We wonder if there is a way to block filetransfers in skype, but allowing employees to use the chat and phone functions in skype?
We would also be happy to get a tip on how to block messenger & Yahoo messenger from accessing the net --> All functions
We are usning D-link's DFL-700 SMB firewall (EU version) solution.
Thanks,
Whatisthesloution
We wonder if there is a way to block filetransfers in skype, but allowing employees to use the chat and phone functions in skype?
We would also be happy to get a tip on how to block messenger & Yahoo messenger from accessing the net --> All functions
We are usning D-link's DFL-700 SMB firewall (EU version) solution.
Thanks,
Whatisthesloution
Messenger uses a 'signature' when it connects. You can use 'user agents' to block MSN and many other things of this nature.
Right-click your outgoing allow rule(s) and select configure http. Select the signatures tab and add as needed.
Hers'a an example
http://www.isaserver.org/tutorials/ISA-Firewall-Quick-Tip-Blocking-MSN-Messenger-Access-Enabling-Access-Some-Users.html
Open the gui, select monitoring - logging.
Make your Skpe connections; what are the ports that are being used for each function?
Right-click your outgoing allow rule(s) and select configure http. Select the signatures tab and add as needed.
Hers'a an example
http://www.isaserver.org/tutorials/ISA-Firewall-Quick-Tip-Blocking-MSN-Messenger-Access-Enabling-Access-Some-Users.html
Open the gui, select monitoring - logging.
Make your Skpe connections; what are the ports that are being used for each function?
ASKER
Hi guys, thaks for the responses. :-)
rsivanandan - Thanks for the link, but im sorry to say it doesn't work. :-(
Make your Skpe connections; what are the ports that are being used for each function?
Well that is a part of the problem - Skype is very agressive and uses randomly ports to connect through, from port 0 ---> 65535 to connect. So blocking it makes it almost impossible.
Bu the intesting is blocking file transfers - Skype uses AES 256-bit encryption - so its a secure line when using it for business communicartion. So we dont wont to block that part. Only transfers for security reasons so employees cannot send/recieve files.
Plz note that we are usning D-link's DFL 700 Firewall solution.
rsivanandan - Thanks for the link, but im sorry to say it doesn't work. :-(
Make your Skpe connections; what are the ports that are being used for each function?
Well that is a part of the problem - Skype is very agressive and uses randomly ports to connect through, from port 0 ---> 65535 to connect. So blocking it makes it almost impossible.
Bu the intesting is blocking file transfers - Skype uses AES 256-bit encryption - so its a secure line when using it for business communicartion. So we dont wont to block that part. Only transfers for security reasons so employees cannot send/recieve files.
Plz note that we are usning D-link's DFL 700 Firewall solution.
ASKER
Ok, that looks interesting!
But correct me if im wrong.... But to me it looks that if we use the signature we will block it completly from be used, right? - Or am i completly wrong?
So if I am completly wrong, how should we proceed to block the file transfers? ( and not phonecalls)
But correct me if im wrong.... But to me it looks that if we use the signature we will block it completly from be used, right? - Or am i completly wrong?
So if I am completly wrong, how should we proceed to block the file transfers? ( and not phonecalls)
This is a trial and error. There has to be a difference in the signatures or the data traffic or the make-up of the packets otherwise the receiving end would not know the difference between voice/data flows. Still looking. What have you found out from your end?
ASKER
No not really yet - but we found this at skype.com - How to disable File Transfer.
To disable file transferring please add the following key to the computers registry:
[HKEY_LOCAL_MACHINE\SOFTWA
"DisableFileTransfer"=dwor
To enable it again set the value from 1 to 0 or simply delete the key. Note that you must be logged in as an administrator to perform this change.
But doing this manually on plus 100 workstations is not an option that i like very much.... :-(
To disable file transferring please add the following key to the computers registry:
[HKEY_LOCAL_MACHINE\SOFTWA
"DisableFileTransfer"=dwor
To enable it again set the value from 1 to 0 or simply delete the key. Note that you must be logged in as an administrator to perform this change.
But doing this manually on plus 100 workstations is not an option that i like very much.... :-(
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Absolutely, or a registry drop via the login script?
ASKER
Well skype says that the reg. change completly blocks the transfers totally, see link..
http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=631
http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=631
ASKER
Or at least it how I read it...
ASKER
rsivanandan, thanks it worked!
Have nice day!
Cheers whatisthesolution
Have nice day!
Cheers whatisthesolution
http://www.bluecoat.com/downloads/support/tb_skype.pdf&e=14905&ei=vhC5ROXbKbXoQb7d0OEE
I'm not sure if this will prevent it.
Windows messenger part, I would do it through Group Policy.
Cheers,
Rajesh