Skype Configuration and Security

Security and Universities

• Skype Security and Universities Link
• Skype Guide for Network Admins

Disable Supernode

Quoting from http://www.skype.com/security/universities/

There are several ways to prevent Skype from becoming a supernode:
    * Beginning with Skype 3.0, an explicit switch is provided in the registry settings to allow the disabling of supernode functionality.
    * Any computer hosted on a network that is behind a network address translation (NAT) device or restrictive firewall will disable supernode functionality.
    * Skype clients behind an HTTP or SOCKS5 proxy will not serve as supernodes.

Note: You can disable Supernode by adding the following registry key

• Save and run the following text as NoSuperNode.reg or download from here NoSuperNode.reg - a reboot will be requred

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
"DisableSupernode"=dword:00000001

Registry Settings

Reference: Skype Guide for Network Admins

HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableApi, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableFileTransfer, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, MemoryOnly, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableContactImport, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableVersionCheck, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisablePersonalise, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableLanguageEdit, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenPort, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenHTTPPorts, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableTCPListen, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableUDP, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableSupernode, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxySetting, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyAddress, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyUsername, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyPassword, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, WebStatus, REG_DWORD = {0,1}

Skype Security Concerns

• From Black Hat Europe 2006 Philippe Biondi & Fabrice Desclaus "Silver Needle in Skype" https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf - Note: save this file - then open it

• Skype and Windows Firewall - Best Advise is NOT to run as Administrator or Skype can, and does, make changes to your firewall. If you do run and a non Administrator you will have to remove any Skype exceptions you don't want while running as Administrator and then switch back.

There is an article about this called "Enterprises Need to Deal with Skype Boom" published on Eweek :http://www.eweek.com/article2/0,1895,2043368,00.asp

Windows XP Firewall and Skype

     "Skype also attempts to modify desktop firewall settings to allow
itself to run optimally. If the firewall rule gets disabled, the next
time Skype starts it will re-enable its firewall exception (if the user
has permission to modify firewall settings)."

Using Skype behind a NAT - note for home users of Skype behind a router

     "A firewall that blocks inbound traffic or uses NAT (Network
Address Translation) also won't stop Skype. When a Skype client starts,
it opens a session with a supernode in the Skype network.

If the client cannot be contacted from the Internet, the supernode will
notify the client when a call comes in?via the open connection. If the
recipient cannot directly contact the sender, the supernode or a relay
agent can then act as a proxy between the two callers. "

Skype Protocol

• Wikipedia Article

Skype Knowledge Base

• http://support.skype.com/?_a=knowledgebase