Mike Gatti wrote:
Hello Everyone,
I wanted to get the groups opinions/thought on how you would or currently handle users wanting or using Skype in the enterprise. Recently what has brought this to light was the fact that our firewalls started to deny/shun users randomly from access to the internet. After a couple of dozen packet captures and cross checking software installed on the clients machines we narrowed down the culprit to be Skype, which later we validated in Lab. What we saw was in random intervals all skype clients would send a burst of requests to the internet which would trigger the intrusion detection threshold of our security appliances. Given that there were no changes to those thresholds I am left to ask what caused this behavior to start, a software update or an update to the skype network (if it can be called that)? I am trying to educate myself a little more before facing the lynch mobs when I start advising on a solution.
You can start with the network admin's guide if gives the basic characteristics of normal Skype network behaviour and how it punches through NAT, STUN etc. http://download.skype.com/share/business/guides/skype-it-administrators-guid... S
Thanks for taking the time, -- Michael Gatti main. 949.371.5474 (UTC -8)