Re: Skype use obligation - Security x Productivity

From: Javier Reyna Padilla (jreyna@onlinet.com.mx)
Date: Tue Jul 17 2007 - 09:48:35 EDT

• Next message: Cedric Blancher: "Re: Skype use obligation - Security x Productivity"
• Previous message: Andrew Blyth: "Re: Mile2 Training (Certifications)"
• In reply to: M.B.Jr.: "Skype use obligation - Security x Productivity"
• Next in thread: Pradeep-Kumar.Karavadi@ubs.com: "RE: Skype use obligation - Security x Productivity"
• Reply: Pradeep-Kumar.Karavadi@ubs.com: "RE: Skype use obligation - Security x Productivity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think Skype is nt a professional service to send business oportunity,
I am sure that this partner can implement an internal messaging service,
like a jabber server, with acces just for the partners, one that can be
audited and secured where theres a need to be secured. Or maybe an IM is
not the solution.

M.B.Jr. wrote:
> Gentlemen,
> Iam part of a Brazilian Information Security consultancy focused on
> the SMB market segment and we're facing sth new.
>
> We're used to see some companies offering partnership transactions
> through web apps but this time we're dealing with the obligation of
> sheltering a new service.
>
> Some backgound:
> one of our customers has its network pretty restricted, following ISO
> 27001 and ISO 17799 that is to say, all of the services within their
> network were carefully chosen and deployed.
> Their network itself was meticulously designed.
>
> Now,
> one big partner they have is forcing them to install Skype in order to
> keep'em up to receive new business opportunities.
>
> Well,
> Skype is against their policies.
> I was asked about how hazardous this could be to their network and I
> said:
> "no, Skype is not ok because it lacks transparency concerning your
> firewalls, bridges, proxies and etc."
>
> Not to mention its port agile features.
>
> But,
> did not give one final word yet...
>
> The network's stability is my team's responsibility.
>
> What to do? Risk their efforts in obtaining ISO certification?
> Guess we need to hear some other professionals.
>
> Thank you,
> any comment will be extremmely useful.
>
>
>

-- 
¡Saludos!
________________
Javier Reyna 
CCSA CCSE WCSE NSA NSP
Consultor en Seguridad
jreyna@onlinet.com.mx
www.onlinet.com.mx
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer
http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

• Next message: Cedric Blancher: "Re: Skype use obligation - Security x Productivity"
• Previous message: Andrew Blyth: "Re: Mile2 Training (Certifications)"
• In reply to: M.B.Jr.: "Skype use obligation - Security x Productivity"
• Next in thread: Pradeep-Kumar.Karavadi@ubs.com: "RE: Skype use obligation - Security x Productivity"
• Reply: Pradeep-Kumar.Karavadi@ubs.com: "RE: Skype use obligation - Security x Productivity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:57 EDT