Re: [squid-users] Skype block

From: Riccardo Castellani <ric.castellani_at_alice.it>
Date: Tue, 22 Jun 2010 22:10:38 +0200

> I'm reading about method to block users for using Skype, can you
> confirm unique way is to deny access directly to all IP address when
> method 'connect' (SSL) is used ?
>>That is the preferred way, you should never allow a HTTPS connection for
>>a unknown site.

Example given, in my company I have http-server on dmz, where some
application access to it by IP address;
I'm sure it's known site because it's mine.

> In this way people cannot access directly to specific site using IP
> instead FQDN !
>>Only to those HTTPs connection to sites using ip address instead of the
>>cannonical name on the x509 certificate which is the recommended way.

I don't understand, but you confirm I can access sites ONLY by FQDN

> Can I restrict Skype access in another way to avoid this behaviour ?
>>Yes, apply a enterprise policy for software usage :)

;)

-- 
Jorge Armando Medina
Computaci�n Gr�fica de M�xico
Web: http://www.e-compugraf.com
Tel: 55 51 40 72, Ext: 124
Email: jmedina_at_e-compugraf.com
GPG Key: 1024D/28E40632 2007-07-26
GPG Fingerprint: 59E2 0C7C F128 B550 B3A6  D3AF C574 8422 28E4 0632 
Received on Tue Jun 22 2010 - 20:10:56 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 23 2010 - 12:00:04 MDT