released a security patch for its Unified Threat Management appliances that allows companies to block the use of Skype. This gives them a reliable way of stopping dangerous malware from entering the network via a potential security vulnerability, while preventing unwanted messaging and chatting during working hours. The patch, called HU-01050, is available immediately and will be installed automatically on all gateProtect firewall systems from Version 8.6 via the update server.
In almost all companies, the use of instant messaging programs like Skype, ICQ and AOL Instant Messenger is unwelcome. As they enable people to share files, they can pose a risk to corporate networks while distracting staff from their work. Skype is a particularly tough instant messenger as it is based on proprietary protocols that escape detection by proxies and firewalls in various ways, including encryption.
“Skype’s ability to slip through firewalls and NAT gateways is well known,” says Dennis Monner, CEO of gateProtect. “Administrators have long had an ongoing battle to block Skype. As no administrator permissions are needed to install it, many employees are unaware of their company’s security policies and use it without informing their IT department. As a result, companies have virtually no control over the data users share via Skype.” The Skype service uses Port 80 (HTTP) and Port 443 (HTTPS) for its internet connection, and in most companies these ports are open as they are needed for web use. Skype can also use higher ports (above1024) for its internet access.