Solved

Block filetransfers in Skype - But allowing phone calls/chats - D-link DFL 700 Firewall

Posted on 2006-07-14
12
1,056 Views
Last Modified: 2013-11-16
Hi,

We wonder if there is a way to block filetransfers in skype, but allowing employees to use the chat and phone functions in skype?

We would also be happy to get a tip on how to block messenger & Yahoo messenger from accessing the net --> All functions

We are usning D-link's DFL-700 SMB firewall (EU version) solution.

Thanks,
Whatisthesloution
0
Comment
Question by:whatisthesolution
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17114761
See if this is any help to you;

http://www.bluecoat.com/downloads/support/tb_skype.pdf&e=14905&ei=vhC5ROXbKbXoQb7d0OEE

I'm not sure if this will prevent it.

Windows messenger part, I would do it through Group Policy.

Cheers,
Rajesh
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17115078
Messenger uses a 'signature' when it connects. You can use 'user agents' to block MSN and many other things of this nature.
Right-click your outgoing allow rule(s) and select configure http. Select the signatures tab and add as needed.

Hers'a an example
http://www.isaserver.org/tutorials/ISA-Firewall-Quick-Tip-Blocking-MSN-Messenger-Access-Enabling-Access-Some-Users.html

Open the gui, select monitoring - logging.
Make your Skpe connections; what are the ports that are being used for each function?
0
 
LVL 1

Author Comment

by:whatisthesolution
ID: 17115851
Hi guys, thaks for the responses. :-)

rsivanandan - Thanks for the link, but im sorry to say it doesn't work. :-(

Make your Skpe connections; what are the ports that are being used for each function?

Well that is a part of the problem - Skype is very agressive and uses randomly ports to connect through, from port 0 ---> 65535 to connect. So blocking it makes it almost impossible.

Bu the intesting is blocking file transfers - Skype uses AES 256-bit encryption - so its a secure line when using it for business communicartion. So we dont wont to block that part. Only transfers for security reasons so employees cannot send/recieve files.

Plz note that we are usning  D-link's DFL 700 Firewall solution.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17125334
0
 
LVL 1

Author Comment

by:whatisthesolution
ID: 17126439
Ok, that looks interesting!
But correct me if im wrong.... But to me it looks that if we use the signature we will block it completly from be used, right? - Or am i completly wrong?

So if I am completly wrong, how should we proceed to block the file transfers? ( and not phonecalls)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17128167
This is a trial and error. There has to be a difference in the signatures or the data traffic or the make-up of the packets otherwise the receiving end would not know the difference between voice/data flows. Still looking. What have you found out from your end?
0
 
LVL 1

Author Comment

by:whatisthesolution
ID: 17128628
No not really yet - but we found this at skype.com  - How to disable File Transfer.

To disable file transferring please add the following key to the computers registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
"DisableFileTransfer"=dword:00000001

To enable it again set the value from 1 to 0 or simply delete the key. Note that you must be logged in as an administrator to perform this change.

But doing this manually on plus 100 workstations is not an option that i like very much....  :-(

0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17128700
Oh, if that is there then why not deploy the change through the Group Policy to all those 100 machines ???

http://www.windowsecurity.com/articles/Pushing-Out-Security-Settings-Configured-Registry.html

Cheers,
Rajesh
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17131899
Absolutely, or a registry drop via the login script?
0
 
LVL 1

Author Comment

by:whatisthesolution
ID: 17136629
Well skype says that the reg. change completly blocks the transfers totally, see link..

http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=631


0
 
LVL 1

Author Comment

by:whatisthesolution
ID: 17136633
Or at least it how I read it...
0
 
LVL 1

Author Comment

by:whatisthesolution
ID: 17148691
rsivanandan,  thanks it worked!

Have nice day!
Cheers whatisthesolution
0

Featured Post

Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question