|
Skype (www.skype.com) is a peer-to-peer (P2P) application that provides voice-over-IP communication over the Internet. The use of Skype on systems attached to the JLab network is not prohibited per se, but is restricted to systems that are not involved with critical operations or sensitive information. Skype also may be limited on a per-machine basis if network usage becomes excessive. Note that the use of Skype is permitted, but no technical support is provided.
Skype calls are routed across the Internet through other Skype systems, called "SuperNodes." Any system running the Skype application runs the risk of surreptitiously being elevated to the status of SuperNode. However, this mode requires that a system can be directly contacted from the Internet, and the Lab’s firewall-protected perimeter denies this type of connection. Normal Skype calls can be initiated and received, but systems on site cannot become SuperNodes.
Home-based or traveling systems will not necessarily have this protection, so you should follow the configuration guidelines shown at this URL (http://cc.jlab.org/services/skype/). to increase the protection of your system and home network. If a system has become a SuperNode, it will usually have to be rebooted to stop the SuperNode call-routing activity. Note that laptops that are managed within the JLab domain will have the system firewall automatically enabled when the system connects to a non-JLab network, thus preventing use of the system as a SuperNode.
Skype may be used on systems connected to the Lab’s secure wireless network and the “managed desktop” networks. Skype use is allowed to visitors to the Lab who are connected to the Guest Network, which has no direct access to Lab resources.
Skype may not be used on subnets that support accelerator controls, data acquisition, or moderate-security-level enclaves (e.g., MIS) or on systems that handle Personally Identifiable Information (PII) or other sensitive information. Contact security@jlab.org for further information. Skype may be installed for testing purposes on other systems with the approval of the Computer Security Manager.
These restrictions provide protection of accelerator operations, data-acquisition, and business services from malicious code that could be installed via Skype file transfers.
Standard policies regarding system management apply:
System patches must be up to date.
Anti-virus rules must be up to date, and automatic virus checking must be enabled where applicable.
Network and/or host-based vulnerability scanning will be done on a regular basis.
For additional information, contact Helpdesk@jlab.org.
This document is maintained by {helpdesk@jlab.org}
Copyright Jefferson Lab 2007