
August 24, 2006

Detecting and eliminating Skype on your network

One of my favorite weekly tech mags, Processor, did an interesting article on a relevant topic: Skype, the popular P2P Internet telephony program. As a general rule, P2P (peer-to-peer) apps, while they may offer valuable functionality, can be a thorn in the side of System Administrators, as they don't offer the centralized client/server control often necessary to manage software. In many cases P2P apps serve no business purpose and simply distract workers in the same way I get distracted by Fantasy Football, just during my lunch break of course :).

In the Processor article, the author, Kurt Marko, does a good job of covering the tools available to detect and control Skype. The two technologies he presents are Content Filtering (monitoring the type of traffic on the network) and Network Access Control (quarantining a system that does not follow pre-established policy). These are excellent technologies to (1a) prevent Skype from working across a firewall and out onto the Net, (1b) detect the network traffic, and (2) prevent a machine with Skype installed from entering the network.

In my opinion, it really takes BOTH technologies to mitigate the threat. A third technology fits into that mix as well.

Sitekeeper is a software product best known for software distribution and patch management, but it can do quite a bit more...

A few years back I wrote an article titled "A Cure for Kazaa" in which I offered a simple vbs script, discussed an NT Resource Kit tool and provided a methodology, using our Sitekeeper software, to find and remove Kazaa across a network. The threat with Kazaa was that it exposed an organization to copyright infringement liability (users illegally downloading digital material) and it was laced with adware.

Skype is a legit product, though it was made by the Kazaa folks and is now owned by eBay. While it doesn't have the adware, it does use network resources and, as covered in that Processor article, can incur security risks.

I view Sitekeeper as a third technology that can enhance the effectiveness of P2P application control. Of course the Inventory Module of Sitekeeper detects the presence of Skype, but it can also be used to uninstall it. So, if you're using Content Filtering to prevent Skype from working, use Sitekeeper to quickly locate the clients that have it installed and remove it.

If you've implemented Network Access Control (NAC), it's likely that, as part of that lock-down, the users in your network are all operating with less privileged user accounts. The prevalence of rogue software is therefore greatly diminished. While NAC is powerful from a security perspective, it can mean additional IT staff overhead to handle situations where a vicarious and free-thinking laptop returning from a sales trip cannot join back on due to established policy. Sitekeeper may still fit the bill to remove applications where NAC is used. That, of course, depends on how strict (by application) you are with that technology and what the software removal capabilities of those other products are.

If these other technologies are further out for budgetary or IT staffing reasons, Sitekeeper can fill in the interim quite handily. And of course, Sitekeeper can make for a complementary technology to add on top of other control measures.

Posted by Michael at August 24, 2006 07:59 PM

Comments

Hey,

Look what I found using a Google search for "Diskeeper Vista RC1". A Diskeeper blog! I had no idea this existed. :D

I use Diskeeper for all my PCs and hopefully will have it in our network environment at work when we have the funds. It's an awesome product.

To the point tho, as I'm sure you know, the Beta download available on your site will install on RC1 and install-- well, almost. When it tries to start the service, the service fails to start with no real error information.

So the question is: When will I be able to use this awesome thing in my Windows Vista? :(

Posted by: Bryan at September 10, 2006 12:02 AM
