Best Practices for Controlling Skype within the Enterprise. Whitepaper
|
|
- Dale McKenzie
- 8 years ago
- Views:
Transcription
1 Best Practices for Controlling Skype within the Enterprise Whitepaper
2 INTRODUCTION Skype (rhymes with ripe ) is a proprietary peer-to-peer (P2P) voice over Internet protocol (VoIP) network, founded by the creators of Kazaa. The network is defined by all users of the free desktop software application. Skype users can speak to other Skype users for free, call traditional telephone numbers for a fee (SkypeOut), receive calls from traditional phones for a fee (SkypeIn), and receive voic messages for a fee. In addition, Skype allows its users to send instant messages and transfer files to other users in the Skype network. This white paper details why enterprises want to control Skype s use, how it works, and how it can be controlled in the enterprise network. 2
3 Control. WHY BLOCK SKYPE? Skype is a P2P protocol that intentionally evades network policies and may expose enterprises to security and liability risks. Because it was designed to work in overly restrictive environments, it is difficult to control via traditional means, such as firewalls. The unauthorized use of Skype in the workplace can cause a number of problems, including the following: 1. Skype file transfers may expose the enterprise network to unacceptable risk, since users may download files containing viruses. As mentioned above, Skype is designed to be hard to block. To date, all the traditional means of blocking unauthorized Skype network use have been unsuccessful. In order to successfully control or block Skype applications, we first need to understand how it works. HOW SKYPE WORKS Skype Login Server 2. Skype file transfers may also expose enterprises to the risk of confidential information being leaked to outside parties. 3. Because voice data is bandwidth-intensive, Skype users can consume a sizeable amount of bandwidth on an enterprise network, leaving very little for critical corporate applications. 4. As stated in the Skype end user license agreement (EULA): Message exchange with the login server during login Ordinary Host Disk space, bandwidth and processing power may be utilized to provide the Skype Services. From time-to-time your computer may become a Super node. This may include the ability for your computer to help anonymously and securely facilitate communications between other users of the Skype Software. Therefore, any instance of the Skype application running on an enterprise network may utilize private network resources to provide services to outside Skype users even if it is not being actively used by employees. Internet Super Node 5. User installations of Skype may be acting as Super nodes, allowing outside parties access to the enterprise network and creating a security risk. Like , Skype will soon be exploited for phishing attacks, downloading bots on to desktops, and harvesting confidential information. 6. Skype users may use its Instant Messaging (IM) functionality to evade enterprise IM controls, since Skype is encrypted. No products available today allow the control and logging of Skype IM. Figure 1 The Skype network 3
4 SKYPE LOGIN When users install and execute a Skype client, it first tries to figure out whether it is behind a Network Address Translator (NAT) device, such as a firewall. User Datagram Protocol (UDP) packets have trouble traversing NAT d firewalls; hence, UDP uses Simple Traversal of UDP through NAT (STUN) to determine what kind of NAT it is behind. If the type of NAT is one of Full cone, Restricted cone or Port restricted NAT, it obtains the IP address and port information that outside applications can use to connect/send UDP packets to this client. If the type of NAT is symmetrical NAT (which is typical in large enterprises), the Skype client cannot obtain this IP address and port information: NAT maps each unique IP address and port number pair to a different, externally visible IP address and port number pair; hence, the IP address and port number information delivered by STUN is not usable for other external entities. In this case, Skype uses a relay traversal technique called Traversal Using Relay NAT (TURN). This is less desirable for Skype, since relay adds a significant amount of latency to the communication. However, it does allow the communication to work. Once it has sorted out the NAT issues, the Skype client attempts to log in by sending UDP packets to a Super-node peer from its Super-node list. The Super-node list has IP addresses and port numbers of Super-nodes that are waiting to service the client. If the list is empty, it tries to log in directly to the Skype login server. After login, the Supernode list gets refreshed. If the transmission of UDP packets is restricted at the firewall, Skype client tries to connect using TCP using the port numbers in the list. If connection through TCP over the given ports does not work, Skype client tries connecting using TCP over port 80 and 443, respectively, in hopes that the firewall will interpret the Skype traffic as HTTP/HTTPS traffic and allow it through. USER SEARCH Skype uses Global Index technology to search Skype users. Skype claims that their search functionality is distributed and is guaranteed to find a user if they exist and have logged in during last 72 hours. Search results are observed to be cached at intermediate nodes. CALL ESTABLISHMENT AND TEARDOWN Call signaling is always carried over TCP. For users not present in buddy lists, call placement is equal to a user search plus call signaling. If the caller is behind portrestricted NAT and the recipient is on a public IP, signaling and media flow happens through an online public IP Skype node, which forwards signaling to the recipient over TCP and routes media over UDP. If both users are behind portrestricted NAT networks and UDP-restricted firewalls, both caller and recipient Skype clients exchange signaling over TCP with another online Skype node, which also forwards media between caller and recipient. As we can see, identifying Skype traffic is difficult, since it uses random IP addresses and ports to connect to the Skype network and may even utilize well known open ports on firewalls to connect. BEST PRACTICES Best practices call for utilizing ProxySG and firewalls together to only let known traffic in and out of your network. The following steps can be taken to accomplish this best practice. STEP 1: BLOCK ALL UNNECESSARY OPEN PORTS ON THE FIREWALL The first step to control Skype is to ensure that the enterprise firewall is doing its job in blocking all unnecessary ports. It is assumed that the security administrator has the access and ability to configure a firewall and implement other changes where necessary to support the needs of their particular user community. The first general recommendation for firewall configurations is to avoid attempting to block a large number of ports as problems present themselves quickly. This reactive approach rarely works. Ideally, an administrator should first begin the firewall configuration by blocking every port on the firewall and then going back and opening only those ports necessary for operation of corporate approved applications. In addition to allowing only specific ports to be opened (as business dictates), Blue Coat recommends that administrators prohibit high ports from being opened on the firewall. For specific cases, custom configurations will allow certain high ports to be opened where necessary. 4
5 Control. Protocol workers on the Blue Coat ProxySG proxy appliance managing application service ports for HTTP (80), RTSP (554), MMS (1755), etc. will drop client connections if they do not see respective protocol messages. Therefore, any attempt to establish a Super-node connection through these service ports will be unsuccessful, as the connection is non-conforming to standards. Beware that many internal custom web applications may also be non-conforming. If vital to company operations, they should be running on HTTPS for security and confidentiality reasons, not in the clear on HTTP. Detecting these unknown non-conforming web applications is a benefit of this step; however, administrators should plan accordingly to resume their use under HTTPS. STEP 2: BLOCK DOWNLOADS OF SKYPE EXECUTABLES Blue Coat recommends that enterprises block access to both the Skype.com domain, as well as downloads of executable content using ProxySG policy tools, such as the Blue Coat Content Policy Language (CPL) or Visual Policy Manager (VPM). It is also recommended that enterprises block downloads of URLs ending with skype.exe. This will prevent new Skype software from being downloaded to enterprise machines. Administrators can accomplish this by using the Blue Coat VPM to create a Web Access Layer. Layers for the first exception to block the Skype Web site domain, plus URLs that include skype.exe can easily be created. STEP 3: CREATE WHITE LISTS AT THE FIREWALL TO ALLOW ACCESS TO THE ENTERPRISE APPLICATIONS THAT NEED ACCESS TO THE OUTSIDE PORTS. Blue Coat recommends that enterprises selectively allow access to corporate applications to outside ports through the firewall. These firewall policies should be carefully created. In addition, administrators should check the firewall logs periodically to see if there is any activity other than the allowed applications. Should any Skype-related activity be detected, Blue Coat recommends that enterprises further harden their firewall policy, verifying approved application support. CONCLUSION Using Blue Coat ProxySG, enterprises can effectively block the use of Skype. To do so, security administrators must properly configure their firewalls to block open ports that are not needed by the general population of enterprise network users. Blue Coat ProxySG policies can be configured to block downloads of the Skype client onto network machines in the first place. And, with the firewall properly configured, searching attempts are automatically blocked by the ProxySG because the Skype protocol is not recognized as a valid (HTTP conforming) protocol by the appliance. In the destination category, an administrator can utilize the Advanced Match option: Select SET NEW URL. Then click on Advanced Match. Select At End from the dropdown and enter the download filename (SKYPE.EXE) in the path. Typically, the download filename does not change from version to version; however, Blue Coat recommends that administrators verify this by monitoring the site occasionally. Figure 2 Blocking Skype downloads using Visual Policy Manager 5
6 650 Almanor Ave. Sunnyvale, CA BCOAT Direct Fax Copyright 2005 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Version 1.0 Blue Coat Systems provides secure proxy appliances that control user communications over the Web. Blue Coat ProxySG appliances integrate advanced proxy functionality with security services such as content filtering, instant messaging control and Web virus scanning without impacting network performance. With more than 3,000 customers and over 14,000 appliances shipped worldwide, Blue Coat is trusted by many of the world s most influential organizations to ensure a safe and productive Web environment. Blue Coat is headquartered in Sunnyvale, California, and can be reached at or
Best Practices for Controlling Skype within the Enterprise > White Paper
> White Paper Introduction Skype is continuing to gain ground in enterprises as users deploy it on their PCs with or without management approval. As it comes to your organization, should you embrace it
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationSkype network has three types of machines, all running the same software and treated equally:
What is Skype? Why is Skype so successful? Everybody knows! Skype is a P2P (peer-to-peer) Voice-Over-IP (VoIP) client founded by Niklas Zennström and Janus Friis also founders of the file sharing application
More informationProxySG TechBrief Implementing a Reverse Proxy
ProxySG TechBrief Implementing a Reverse Proxy What is a reverse proxy? The Blue Coat ProxySG provides the basis for a robust and flexible Web communications solution. In addition to Web policy management,
More informationAn Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Written by: Salman A. Baset and Henning G. Schulzrinne (Colombia University, NY) CIS 6000 Distributed Systems Benjamin Ferriman bferrima@uoguelph.ca
More informationSkype characteristics
Advanced Networking Skype Renato Lo Cigno Credits for part of the original material to Saverio Niccolini NEC Heidelberg Skype characteristics Skype is a well known P2P program for real time communications
More informationProxySG TechBrief Downloading & Configuring Web Filter
ProxySG TechBrief Downloading & Configuring Web Filter What is Content Filtering? URL filtering is the process of limiting a user s Web site access through a policy that is associated with a specific URL
More informationReverse Proxy with SSL - ProxySG Technical Brief
SGOS 5 Series Reverse Proxy with SSL - ProxySG Technical Brief What is Reverse Proxy with SSL? The Blue Coat ProxySG includes the functionality for a robust and flexible reverse proxy solution. In addition
More informationHTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief
ProxySG TechBrief Reverse Proxy with SSL What is Reverse Proxy with SSL? The Blue Coat ProxySG includes the basis for a robust and flexible reverse proxy solution. In addition to web policy management,
More informationDownloading and Configuring WebFilter
Downloading and Configuring WebFilter What is URL Filtering? URL filtering is a type of transaction content filtering that limits a user s Web site access through a policy that is associated with a specific
More informationSkype VoIP service- architecture and comparison
Skype VoIP service- architecture and comparison Hao Wang Institute of Communication Networks and Computer Engineering University of Stuttgart Mentor: Dr.-Ing. S. Rupp ABSTRACT Skype is a peer-to-peer (P2P)
More informationNokia E65 Internet calls
Nokia E65 Internet calls Nokia E65 Internet calls Legal Notice Copyright Nokia 2007. All rights reserved. Reproduction, transfer, distribution or storage of part or all of the contents in this document
More informationProxySG ICAP Integration
ProxySG ICAP Integration Blue Coat s proxies can utilize the Internet Content Adaptation Protocol (ICAP) to hand off HTTP requests and/or responses to an external server for configured processing and transformation.
More informationProxySG TechBrief Enabling Transparent Authentication
ProxySG TechBrief Enabling Transparent Authentication What is Transparent Authentication? Authentication is a key factor when defining a web access policy. When the Blue Coat ProxyxSG is configured for
More informationSIP Security Controllers. Product Overview
SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running
More informationHow To Use A Phone Over Ip (Phyto) For A Phone Call
SIP and VoIP Skype an example VoIP client 1 SIP / VoIP: what are these? Voice over IP (VoIP) Session Initiation Protocol (SIP) Control channel Known in telephone world as signaling channel Does call setup:
More informationOverview. Tor Circuit Setup (1) Tor Anonymity Network
8-345: Introduction to Telecommunication Networks Lectures 8: Delivering Content Web, Peer-Peer, CDNs Peter Steenkiste Spring 05 www.cs.cmu.edu/~prs/nets-ece Web Peer-to-peer Motivation Architectures TOR
More informationSource-Connect Network Configuration Last updated May 2009
Source-Connect Network Configuration Last updated May 2009 For further support: Chicago: +1 312 706 5555 London: +44 20 7193 3700 support@source-elements.com This document is designed to assist IT/Network
More informationIT Security Evaluation of Skype in Corporate Networks
IT Security Evaluation of Skype in Corporate Networks Tapio Korpela Helsinki University of Technology tappik@cc.hut.fi Abstract Whilst the Skype community continues surging, using Skype Voice-over-IP (VoIP)
More informationImplementing Exception Pages
Technical Brief: Implementing Exception Pages Implementing Exception Pages SGOS 5 Series Developed using SGOS 5.3.1.4 What are Exception Pages? Exception pages are Web pages (messages sent to users under
More informationLDAP Authentication and Authorization
LDAP Authentication and Authorization What is LDAP Authentication? Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned to centralized
More informationDMZ Network Visibility with Wireshark June 15, 2010
DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ
More informationInternet Security. Prof. Anja Feldmann, Ph.D. anja@net.t-labs.tu-berlin.de http://www.net.t-labs.tu-berlin.de/
Internet Security Prof. Anja Feldmann, Ph.D. anja@net.t-labs.tu-berlin.de http://www.net.t-labs.tu-berlin.de/ Prof. Dr. Jean-Pierre Seifert jpseifert@sec.t-labs.tu-berlin.de http://www.sec.t-labs.tu-berlin.de/
More informationSecurity and the Mitel Teleworker Solution
Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks
More informationVersion 0.1 June 2010. Xerox WorkCentre 7120 Fax over Internet Protocol (FoIP)
Version 0.1 June 2010 Xerox WorkCentre 7120 Fax over Internet Protocol (FoIP) Thank you for choosing the Xerox WorkCentre 7120. Table of Contents Introduction.........................................
More informationArchitecture. The DMZ is a portion of a network that separates a purely internal network from an external network.
Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part
More informationApplication Note. Onsight Connect Network Requirements v6.3
Application Note Onsight Connect Network Requirements v6.3 APPLICATION NOTE... 1 ONSIGHT CONNECT NETWORK REQUIREMENTS V6.3... 1 1 ONSIGHT CONNECT SERVICE NETWORK REQUIREMENTS... 3 1.1 Onsight Connect Overview...
More informationBlue Coat Security First Steps Solution for Controlling HTTPS
Solution for Controlling HTTPS SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE,
More informationSIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University
SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University ABSTRACT The growth of market for real-time IP communications is a big wave prevalent in
More informationTo ensure you successfully install Timico VoIP for Business you must follow the steps in sequence:
To ensure you successfully install Timico VoIP for Business you must follow the steps in sequence: Firewall Settings - you may need to check with your technical department Step 1 Install Hardware Step
More informationBlue Coat Security First Steps Transparent Proxy Deployments
Transparent Proxy Deployments SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE,
More informationTECHNICAL CHALLENGES OF VoIP BYPASS
TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish
More informationApplication Note. Onsight TeamLink And Firewall Detect v6.3
Application Note Onsight And Firewall Detect v6.3 1 ONSIGHT TEAMLINK HTTPS TUNNELING SERVER... 3 1.1 Encapsulation... 3 1.2 Firewall Detect... 3 1.2.1 Firewall Detect Test Server Options:... 5 1.2.2 Firewall
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationNETWORKS AND THE INTERNET
NETWORKS AND THE INTERNET Outline to accompany the slide presentation 1. Networks and the Internet A Primer for Prosecutors and Investigators 2. Getting There From networks to the Internet Locating a place
More informationBlue Coat Security First Steps Solution for Deploying an Explicit Proxy
Blue Coat Security First Steps Solution for Deploying an Explicit Proxy SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
More informationMany network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.
RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional
More informationTalkShow Advanced Network Tips
TalkShow Advanced Network Tips NewTek Workflow Team TalkShow is a powerful tool to expand a live production. While connecting in a TalkShow unit is as simple as plugging in a network cord and an SDI cable,
More informationREQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.1.0.XXX Requirements and Implementation Guide (Rev 4-10209) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis Training Series
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationAn Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne Department of Computer Science Columbia University, New York NY 10027 {salman,hgs}@cs.columbia.edu
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationPAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
More informationNetwork Configuration Settings
Network Configuration Settings Many small businesses already have an existing firewall device for their local network when they purchase Microsoft Windows Small Business Server 2003. Often, these devices
More informationETM System SIP Trunk Support Technical Discussion
ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with
More informationBarracuda Link Balancer Administrator s Guide
Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks
More informationA TECHNICAL REVIEW OF CACHING TECHNOLOGIES
WHITEPAPER Over the past 10 years, the use of applications to enable business processes has evolved drastically. What was once a nice-to-have is now a mainstream staple that exists at the core of business,
More informationKERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE. (Updated April 14, 2008)
KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE (Updated April 14, 2008) WHO IS KERIO? Kerio Technologies provides Internet messaging and firewall software solutions for small to medium
More informationBlue Coat Security First Steps Solution for Streaming Media
Blue Coat Security First Steps Solution for Streaming Media SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationProxySG TechBrief LDAP Authentication with the ProxySG
ProxySG TechBrief LDAP Authentication with the ProxySG What is LDAP Authentication? Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationNetworks and the Internet A Primer for Prosecutors and Investigators
Computer Crime & Intellectual Property Section Networks and the Internet A Primer for Prosecutors and Investigators Michael J. Stawasz Senior Counsel Computer Crime and Intellectual Property Section ()
More informationEdge Configuration Series Reporting Overview
Reporting Edge Configuration Series Reporting Overview The Reporting portion of the Edge appliance provides a number of enhanced network monitoring and reporting capabilities. WAN Reporting Provides detailed
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationSecure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01
Secure Web Service - Hybrid Policy Server Setup Release 9.2.5 Manual Version 1.01 M86 SECURITY WEB SERVICE HYBRID QUICK START USER GUIDE 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange,
More informationConfiguring Citrix NetScaler for IBM WebSphere Application Services
White Paper Configuring Citrix NetScaler for IBM WebSphere Application Services A deployment guide for configuring NetScaler load balancing and content switching When deploying IBM WebSphere Application
More informationNetsweeper Whitepaper
Netsweeper Inc. Corporate Headquarters 104 Dawson Road Suite 100 Guelph, ON, Canada N1H 1A7 CANADA T: +1 (519) 826 5222 F: +1 (519) 826 5228 Netsweeper Whitepaper Deploying Netsweeper Internet Content
More informationApplication Visibility and Monitoring >
White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information
More informationArcserve Cloud. Arcserve Cloud Getting Started Guide
Arcserve Cloud Arcserve Cloud Getting Started Guide This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationChapter 8 Router and Network Management
Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by
More informationHow to Gain Visibility and Control of Encrypted SSL Web Sessions >
White Paper How to Gain Visibility and Control of Encrypted SSL Web Sessions > Executive Summary Web applications (and their derivatives IM, P2P, Web Services) continue to comprise the overwhelming majority
More informationCisco EXAM - 300-207. Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product. http://www.examskey.com/300-207.html
Cisco EXAM - 300-207 Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product http://www.examskey.com/300-207.html Examskey Cisco 300-207 exam demo product is here for you to test the quality
More informationNetBrain Security Guidance
NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),
More informationContact Information. Document Number: 231-02909 Document Revision: SSL Proxy Deployment Guide SGOS 5.1.4
Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contact.html bcs.info@bluecoat.com http://www.bluecoat.com For concerns or feedback
More informationExecutive Summary. What is Authentication, Authorization, and Accounting? Why should I perform Authentication, Authorization, and Accounting?
Executive Summary As the leader in Wide Area Application Delivery, Blue Coat products accelerate and secure applications within your WAN and across the Internet. Blue Coat provides a robust and flexible
More informationBlue Coat Systems. Client Manager Redundancy for ProxyClient Deployments
Blue Coat Systems Client Manager Redundancy for ProxyClient Deployments Copyright 1999-2013 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means
More informationOVERVIEW OF ALL VOIP SOLUTIONS
OVERVIEW OF ALL VOIP SOLUTIONS Kovács Gábor Parnaki Zsolt Gergı 13/03/2009 TABLE OF CONTENTS Introduction Overview of VoIP protocols Standard based implementations: H.323 SIP Proprietary solutions: Skype
More informationKodak Remote Support System - RSS VPN
Kodak Graphic Communications Canada Company 4225 Kincaid Street Burnaby, B.C., Canada V5G 4P5 Tel: +1.604.451.2700 Fax: +1.604.437.9891 Request support: partnerplace.kodak.com http://graphics.kodak.com
More informationAbout Firewall Protection
1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationApplication Note. Onsight Connect Network Requirements V6.1
Application Note Onsight Connect Network Requirements V6.1 1 ONSIGHT CONNECT SERVICE NETWORK REQUIREMENTS... 3 1.1 Onsight Connect Overview... 3 1.2 Onsight Connect Servers... 4 Onsight Connect Network
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationMasters Project Proxy SG
Masters Project Proxy SG Group Members Chris Candilora Cortland Clater Eric Garner Justin Jones Blue Coat Products Proxy SG Series Blue Coat Proxy SG appliances offer a comprehensive foundation for the
More informationConfiguring SonicWALL TSA on Citrix and Terminal Services Servers
Configuring on Citrix and Terminal Services Servers Document Scope This solutions document describes how to install, configure, and use the SonicWALL Terminal Services Agent (TSA) on a multi-user server,
More informationApplication Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya
More information12. Firewalls Content
Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall
More informationVOICE OVER IP AND NETWORK CONVERGENCE
POZNAN UNIVE RSITY OF TE CHNOLOGY ACADE MIC JOURNALS No 80 Electrical Engineering 2014 Assaid O. SHAROUN* VOICE OVER IP AND NETWORK CONVERGENCE As the IP network was primarily designed to carry data, it
More information1 You will need the following items to get started:
QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide
More informationCreating your own service profile for SJphone
SJ Labs, Inc. 2005 All rights reserved SJphone is a registered trademark. No part of this document may be copied, altered, or transferred to, any other media without written, explicit consent from SJ Labs
More informationMadCap Software. Upgrading Guide. Pulse
MadCap Software Upgrading Guide Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished
More informationControlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway
Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway Websense Support Webinar January 2010 web security data security email security
More informationDeveloping P2P Protocols across NAT
Developing P2P Protocols across NAT Girish Venkatachalam Abstract Hole punching is a possible solution to solving the NAT problem for P2P protocols. Network address translators (NATs) are something every
More informationWhite Paper. Enterprise IPTV and Video Streaming with the Blue Coat ProxySG >
White Paper Enterprise IPTV and Video Streaming with the Blue Coat ProxySG > Table of Contents INTRODUCTION................................................... 2 SOLUTION ARCHITECTURE.........................................
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationDeploying the SSL Proxy
Blue Coat Systems Deployment Guide Deploying the SSL Proxy For SGOS 5.1.4 Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contact.html
More informationInstalling and Configuring vcloud Connector
Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationA Performance Study of VoIP Applications: MSN vs. Skype
This full text paper was peer reviewed by subject matter experts for publication in the MULTICOMM 2006 proceedings. A Performance Study of VoIP Applications: MSN vs. Skype Wen-Hui Chiang, Wei-Cheng Xiao,
More informationConfiguring Security for FTP Traffic
2 Configuring Security for FTP Traffic Securing FTP traffic Creating a security profile for FTP traffic Configuring a local traffic FTP profile Assigning an FTP security profile to a local traffic FTP
More informationInternet Privacy Options
2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms
More informationCisco Collaboration with Microsoft Interoperability
Cisco Collaboration with Microsoft Interoperability Infrastructure Cheatsheet First Published: June 2016 Cisco Expressway X8.8 Cisco Unified Communications Manager 10.x or later Microsoft Lync Server 2010
More informationApp-ID. PALO ALTO NETWORKS: App-ID Technology Brief
App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID uses as many as four identification techniques to determine the exact identity of
More informationSIP, Security and Session Border Controllers
SIP, Security and Session Border Controllers SIP, Security and Session Border Controllers Executive Summary Rolling out a public SIP service brings with it several security issues. Both users and Service
More informationestos SIP Proxy 5.1.30.33611
estos SIP Proxy 5.1.30.33611 1 Welcome to estos SIP Proxy... 4 1.1 WAN Settings... 4 1.2 Network interfaces... 5 1.3 Network Interface Configuration... 6 1.4 SSL/TLS Communications Certificate... 6 1.5
More informationHow To Block Skype
Why and How to block Skype Oscar Santolalla Helsinki University of Technology osantola(@)cc.hut.fi Abstract Skype has become a very popular Voice-over-Internet Protocol (VoIP) service that was designed
More informationSIP and VoIP 1 / 44. SIP and VoIP
What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies
More informationUser Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream
User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner
More informationSteelcape Product Overview and Functional Description
Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session
More informationWAN Optimization for Microsoft SharePoint BPOS >
White Paper WAN Optimization for Microsoft SharePoint BPOS > Best Practices Table of Contents Executive Summary 2 Introduction 3 SharePoint BPOS performance: Managing challenges 4 SharePoint 2007: Internal
More informationProxies. Chapter 4. Network & Security Gildas Avoine
Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open
More information