SkypeConfiguration < CF

CF Web>CscfSpecific>SecurityProcedures>SkypeConfiguration (2007-04-25, MikeGore) (raw view)

-- Main.MikeGore - 24 Apr 2007
---+ Skype Configuration and Security
%TOC%
---++ Security and Universities
   * [[http://www.skype.com/security/universities/][Skype Security and Universities Link]]
   * [[http://www.skype.com/security/guide-for-network-admins-30beta.pdf][Skype Guide for Network Admins]]

---++ Disable Supernode
*Skype 3.0 and up have the ability to disable supernode status <br>

Quoting from http://www.skype.com/security/universities/
<verbatim>
There are several ways to prevent Skype from becoming a supernode:
    * Beginning with Skype 3.0, an explicit switch is provided in the registry settings to allow the disabling of supernode functionality.
    * Any computer hosted on a network that is behind a network address translation (NAT) device or restrictive firewall will disable supernode functionality.
    * Skype clients behind an HTTP or SOCKS5 proxy will not serve as supernodes.
</verbatim>

Note: You can disable Supernode by adding the following registry key

   * Save and run the following text as !NoSuperNode.reg or download from here  [[%ATTACHURL%/NoSuperNode.reg][NoSuperNode.reg]] - *a reboot will be requred*
<verbatim>
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
"DisableSupernode"=dword:00000001
</verbatim>

---++ Registry Settings

Reference: [[http://www.skype.com/security/guide-for-network-admins-30beta.pdf][Skype Guide for Network Admins]]

<verbatim>
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableApi, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableFileTransfer, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, MemoryOnly, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableContactImport, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableVersionCheck, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisablePersonalise, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableLanguageEdit, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenPort, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenHTTPPorts, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableTCPListen, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableUDP, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableSupernode, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxySetting, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyAddress, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyUsername, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyPassword, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, WebStatus, REG_DWORD = {0,1}
</verbatim>

---++ Skype Security Concerns
   * [[http://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#eu-06][From Black Hat Europe 2006]] Philippe Biondi & Fabrice Desclaus "Silver Needle in Skype" https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf - *Note: save this file - then open it*

   * Skype and Windows Firewall - Best Advise is *NOT* to run as Administrator or Skype can, and does, make changes to your firewall. If you do run and a non Administrator you will have to remove any Skype exceptions you don't want while running as Administrator and then switch back.

There is an article about this called "Enterprises Need to Deal with
Skype Boom" published on Eweek
:http://www.eweek.com/article2/0,1895,2043368,00.asp

*Windows XP Firewall and Skype* 
<verbatim>
     "Skype also attempts to modify desktop firewall settings to allow
itself to run optimally. If the firewall rule gets disabled, the next
time Skype starts it will re-enable its firewall exception (if the user
has permission to modify firewall settings)."
</verbatim>

*Using Skype behind a NAT - note for home users of Skype behind a router*
<verbatim>
     "A firewall that blocks inbound traffic or uses NAT (Network
Address Translation) also won't stop Skype. When a Skype client starts,
it opens a session with a supernode in the Skype network.

If the client cannot be contacted from the Internet, the supernode will
notify the client when a call comes in?via the open connection. If the
recipient cannot directly contact the sender, the supernode or a relay
agent can then act as a proxy between the two callers. "
</verbatim>

---++ Skype Protocol
   * [[http://en.wikipedia.org/wiki/Skype_Protocol][Wikipedia Article]]

---++ Skype Knowledge Base
   * http://support.skype.com/?_a=knowledgebase

Attachments

Topic attachments
I	Attachment	History	Action	Size	Date	Who	Comment
reg	NoSuperNode.reg	r1	manage	0.2 K	2007-04-24 - 15:07	MikeGore	NoSuperNode.reg

Topic revision: r4 - 2007-04-25 - MikeGore

Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.

Other Webs

My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images

Edit