Solved

how to block Skype

Posted on 2010-09-21
Last Modified: 2013-11-09
Hi experts,

I have an issue here... I need to block Skype ports because all the people at the firm spend hours in Skype... My boss of course doesn't understand that they save our company money... so he wants to play Deputy Dog, so the order is given to block Skype... but how can I block it since it is using port 80? We are using Websense web filter and ASA 5580 (for FW).
Should I use a GPO and kill the skype.exe process?

Please help... why do people create software that runs on the most common port??? What happened to the rest of the gazillion ports?

Please help... (I am already checking at Monster.com for another job)
Question by:c_hockland
Accepted Solution

by:
Chris Staunton earned 334 total points
ID: 33726680
You can create a hash to kill the exe if launched.  Only problem is that you'll have to keep updating it when Skype releases updates.

Shooter
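
The maintenance problem described in the answer above, as an added example that is not part of the original post: a hash rule matches only the exact build it was created from, so this script audits a directory tree for skype.exe copies whose hash the rule does not yet cover. SHA-256, the function names and the sample bytes are assumptions constructed for illustration; use the hash algorithm your policy tool records.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_hash_rule(root, blocked_hashes, exe_name="skype.exe"):
    """Split every file named exe_name under root into (covered, uncovered).

    'uncovered' copies have a hash the current rule does not list, so a
    hash-based block will not stop them until the rule is updated.
    """
    covered, uncovered = [], []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower() == exe_name:
            target = covered if sha256_of(path) in blocked_hashes else uncovered
            target.append(path)
    return covered, uncovered


def demo():
    # Constructed stand-ins for two releases of the same program.
    old_build = b"MZ constructed-skype-build-A"
    new_build = b"MZ constructed-skype-build-B"
    blocked = {hashlib.sha256(old_build).hexdigest()}  # rule made from build A only
    with tempfile.TemporaryDirectory() as root:
        for pc, name, data in (("pc1", "Skype.exe", old_build),
                               ("pc2", "skype.exe", new_build)):
            folder = Path(root, pc, "Skype", "Phone")
            folder.mkdir(parents=True)
            (folder / name).write_bytes(data)
        covered, uncovered = audit_hash_rule(root, blocked)
        return ([p.relative_to(root).as_posix() for p in covered],
                [p.relative_to(root).as_posix() for p in uncovered])


if __name__ == "__main__":
    covered, uncovered = demo()
    print("blocked by current hash rule:", covered)
    print("needs a new hash rule:", uncovered)
```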

Assisted Solution

by:Chris Staunton
Chris Staunton earned 334 total points
ID: 33726708
This might also help you out and is a much better solution.

Shooter



# Cisco equipment running IOS version 12.4 (4) T - This is the "free" option, provided your network uses Cisco gear and you have a service contract to get the latest IOS.

Cisco introduced in mid-2006 a Skype classification in NBAR.

To block Skype you do the following NBAR configuration (Source: Cisco Tips), which will drop Skype packets
and in fact any p2p application you want (limewire, kazaa, etc.):

    ! Classify traffic that NBAR identifies as Skype
    class-map match-any p2p
     match protocol skype
    !
    ! Drop everything that falls into the p2p class
    policy-map block-p2p
     class p2p
      drop
    !
    ! Apply the policy to traffic entering this interface
    int FastEthernet0
     description PIX-facing interface
     service-policy input block-p2p

If you are unsure about the bandwidth-eating applications being used in your organization, you can access the interface connected to the Internet and configure the following command:

    ip nbar protocol-discovery

This will enable NBAR discovery on your router.
Use the following command:

    show ip nbar protocol-discovery stats bit-rate top-n 10

It will show you the top 10 bandwidth-eating applications being used by the users. Now you will be able to block/restrict traffic with an appropriate QoS policy.

We can also use the ip nbar port-map command to look for the protocol or protocol name, using a port number or numbers other than the well-known Internet Assigned Numbers Authority (IANA)-assigned port numbers.

Usage as per Cisco:

    ip nbar port-map protocol-name [tcp | udp] port-number

Up to 16 ports can be specified with this command. Port number values can range from 0 to 65535.

- Block Skype using Group Policy (corporate environments)

Author Comment

by:c_hockland
ID: 33726857
OK, the first part... got it.

The second... int FastEthernet0

.
.
service-policy input block-p2p


The above commands go to the external or interface???
Expert Comment

by:Chris Staunton
ID: 33727270
FastEthernet0 should be your internal interface.  It will block any attempt by employees to use p2p applications.


Shooter
Assisted Solution

by:Ehab Salem
Ehab Salem earned 166 total points
ID: 33732169
If you want Websense to block Skype, you have to block the "uncategorized" category. Otherwise you will have to track all IPs that users connect to and add them to a block list, and do that on a daily basis.
Do you have any application control installed, like Symantec SEP 11 or ESM? If so, you can also use these to stop Skype from launching.

Author Closing Comment

by:c_hockland
ID: 33794829
thanks
Question has a verified solution.
