  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1998

how to block Skype

Hi experts,

I have an issue here... I need to block Skype ports because all the people at the firm spend hrs in Skype... My boss of course doesn't understand that they save our company money, so he wants to play deputy Dog, so the order is given to block Skype... but how can I block it since it is using port 80? We are using Websense web filter and ASA 5580 (for FW).
Should I use a GPO and kill the skype.exe process?

Please help... why do people create software that runs on the most common port??? What happened to the rest gazillion of ports?

Please help... (I am already checking at Monster.com for another job)
0
c_hockland
3 Solutions
 
Chris Staunton Commented:
You can create a hash to kill the exe if launched.  Only problem is that you'll have to keep updating it when Skype releases updates.

Shooter
0
 
Chris Staunton Commented:
This might also help you out and is a much better solution.

Shooter



# Cisco equipment running IOS version 12.4(4)T - This is the "free" option, provided your network uses Cisco gear and you have a service contract to get the latest IOS.

Cisco introduced in mid-2006 a Skype classification in NBAR.

To block Skype you do the following NBAR configuration (Source: Cisco Tips), which will drop Skype packets and in fact any p2p application you want (LimeWire, Kazaa, etc.):

class-map match-any p2p
 match protocol skype

policy-map block-p2p
 class p2p
  drop

int FastEthernet0
 description PIX-facing interface
 service-policy input block-p2p

If you are unsure about the bandwidth-eating applications being used in your organization, you can access the interface connected to the Internet and configure the following command:
ip nbar protocol-discovery
This will enable NBAR discovery on your router.
Use the following command:
show ip nbar protocol-discovery stats bit-rate top-n 10
It will show you the top 10 bandwidth-eating applications being used by the users. Now you will be able to block/restrict traffic with an appropriate QoS policy.

We can also use the ip nbar port-map command to look for the protocol or protocol name, using a port number or numbers other than the well-known Internet Assigned Numbers Authority (IANA)-assigned port numbers.

Usage as per Cisco:
ip nbar port-map protocol-name [tcp | udp] port-number

Up to 16 ports can be specified with this command. Port number values can range from 0 to 65535.

- Block Skype using Group Policy (corporate environments)
0
 
c_hockland Author Commented:
ok the first part ...got it...

the second,,,, int FastEthernet0

.
.
service-policy input block-p2p


the above commands go to the external or interface ???
0

 
Chris Staunton Commented:
FastEthernet0 should be your internal interface.  It will block any attempt by employees to use p2p applications.


Shooter
0
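The NBAR policy from the answers above, applied to the internal interface as the follow-up reply clarifies, written out as an added example (not code from the thread or from Cisco). It goes beyond the posted snippet by enabling CEF, which NBAR requires, adding `gnutella` (the protocol LimeWire uses) and `kazaa2` to the class, and listing the show commands for checking the result. The interface name FastEthernet0 comes from the thread; the description text is an assumption.

```cisco
! --- Global configuration ---
! NBAR classification depends on Cisco Express Forwarding.
ip cef
!
! match-any: a packet belongs to the class if ANY listed protocol matches.
class-map match-any p2p
 match protocol skype
 match protocol gnutella
 match protocol kazaa2
!
! Drop everything that falls into the p2p class.
policy-map block-p2p
 class p2p
  drop
!
! --- Interface configuration ---
! Assumption: FastEthernet0 is the internal, user-facing interface,
! so client traffic is classified on its way in.
interface FastEthernet0
 description Internal user-facing interface
 ip nbar protocol-discovery
 service-policy input block-p2p
!
! --- Verification (privileged EXEC, not configuration) ---
! Top talkers by protocol, as seen by NBAR discovery:
!   show ip nbar protocol-discovery stats bit-rate top-n 10
! Per-class match and drop counters for the applied policy:
!   show policy-map interface FastEthernet0
```

Rising drop counters under class p2p in the `show policy-map interface` output confirm that the policy is matching traffic.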
 
Ehab Salem, IT Manager Commented:
If you want Websense to block Skype, you have to block the "uncategorized" category. Otherwise you will have to track all IPs that users connect to and add them to a block list, and do that on a daily basis.
Are you using any application control installed, like Symantec SEP 11? ESM? If so, you can also use these to stop Skype from launching.
0
 
c_hockland Author Commented:
thanks
0
