You can use signature 11251 to block Skype. This signature fires when a Windows Skype client connects to the Skype server to synchronize its version. So you can configure 'drop packet inline' along with 'produce alert' as an action. Therefore you can identify the host trying to use the 'skype' client and proceed accordingly.
To block Facebook, you can create a custom signature which matches /facebook./com/ in the HTTP header and configure actions like 'reset', 'deny connection', etc.
There are three GUI based options to connect to IPS.
1. Using ASDM.
Try to connect to the 'Intrusion Prevention System' device from within ASDM.
2. Using IDM.
3. Using IME.
Check this link: http://www.cisco.com/en/US/products/ps9610/index.html
Once installed, try to add your sensor to IME. You can manage up to 5 sensors using IME.
Once you're connected to your sensor via one of the above methods, the following link should carry you through the steps of creating a custom signature.
You'll need a 'service http' type custom signature.
The signature will not be completely effective in blocking Skype traffic.
Signature 11251-0 only blocks exchanges with the host skype.com in the packets. The only time this occurs is when the version is checked and not during the actual phone calls. This is usually done when the client is started. Again, this means that Skype traffic is not what fires this signature. It is the client connecting to Skype to sync its version.
Skype uses an aggressive adaptive networking application that is designed to reach the Internet. Skype sessions use an asymmetric key exchange to distribute the 256 bit symmetric key employed by the AES cipher for session encryption. Skype's initial outbound connection can use any dynamic combination of TCP and UDP ports, including outbound ports 80 and 443, which are generally open for HTTP and HTTPS access. This renders traditional port blocking filters completely ineffective. In addition, Skype uses proprietary methods of NAT traversal similar to STUN (Simple Traversal of UDP through NAT), ICE (Interactive Connectivity Establishment) and TURN (Traversal Using Relay NAT) to ensure that you can reach the Internet and to determine the client's eligibility to be a super node.
Because Skype uses a proprietary, encrypted protocol, specifically designed to avoid detection and penetrate NAT, firewalls and other network instrumentation, there is no formal method for any DPI technology to perform compliant inspection of Skype traffic flows.
However, there has been a bug filed on this and the development team is working on it.
TAC security solutions
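As an added illustration of the two points raised in this thread (a custom 'service http' signature matching a Host header, and why the Skype version-check signature sees only cleartext HTTP and not the encrypted calls), here is a small header-matching model written for this page; it is not Cisco IPS code, and the signature id 60000-0, the Host patterns and the sample requests are constructed for the example.

```python
import re

# Constructed signature table modelled on the thread: a custom Facebook
# signature plus a rule shaped like 11251-0 (Host skype.com, version check).
# The leading (^|\.) anchors the match to facebook.com or a subdomain, so a
# host such as notfacebook.com does not fire it.
SIGNATURES = [
    {"id": "60000-0", "host": re.compile(r"(^|\.)facebook\.com$", re.I),
     "actions": ["produce alert", "reset", "deny connection"]},
    {"id": "11251-0", "host": re.compile(r"(^|\.)skype\.com$", re.I),
     "actions": ["produce alert", "drop packet inline"]},
]

def parse_http_headers(payload: bytes) -> dict:
    """Return header name -> value for a cleartext HTTP request, or {} if the
    payload is not HTTP (for example a TLS record, which carries no Host)."""
    if not payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        return {}
    head, _, _ = payload.decode("ascii", errors="replace").partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def inspect(payload: bytes) -> list:
    """Return (signature id, actions) for each signature the payload fires."""
    host = parse_http_headers(payload).get("host", "")
    return [(s["id"], s["actions"]) for s in SIGNATURES if s["host"].search(host)]

# Constructed sample traffic.
FACEBOOK_REQ = b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: x\r\n\r\n"
SKYPE_VERSION_CHECK = b"GET /ui/version HTTP/1.1\r\nHost: ui.skype.com\r\n\r\n"
LOOKALIKE_REQ = b"GET / HTTP/1.1\r\nHost: notfacebook.com\r\n\r\n"
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # encrypted call path

if __name__ == "__main__":
    for name, pkt in [("facebook", FACEBOOK_REQ), ("skype check", SKYPE_VERSION_CHECK),
                      ("lookalike", LOOKALIKE_REQ), ("tls", TLS_CLIENT_HELLO)]:
        print(name, inspect(pkt))
```

The TLS sample returns no match, which is the point the last reply makes: once the client is past its version check, there is no Host header for a 'service http' signature to inspect.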