Cyber Security
Skype Client Policy
1.0 Goal
Allow the use of the Skype VoIP Communication Client on BNL networks but protect against exfiltration of BNL sensitive data.
2.0 Background
The use of Skype for VoIP communications serves a legitimate business need by enabling long distance communication for researchers and collaborations for minimal cost. The use of Skype is allowed at BNL for this purpose but the ability to transfer files out through Skype remains a concern for exfiltrating sensitive data. The method of routing information through the Skype super nodes puts sensitive information at risk at multiple points in the file transmission. In addition the elevation of a Skype node to 'Super Node' status within the BNL network would advertise an internal system as a connection point for external Skype communications which is another security concern.
3.0 Policy
The use of Skype is allowed for business communication from systems categorized at the Low risk level as long as the client does not become a 'Super Node.' Skype use if not allowed from systems categorized at the Moderate risk level.
4.0 Enforcement
Systems categorized at the Moderate risk level found to be running Skype will be blocked from the network. Any BNL systems found to be operating as a Skype 'Super Node' will be blocked from the network.
