Network Security Center
Skype is not supported by NSIT and we do not advocate its use. However, if you are going to use it please be aware of the following:
Skype security awareness
- It is proprietary software and there is no guarantee that conversations are actually secure.
- Skype is a communication program, not an antivirus or anti-malware program. A message from Skype about viruses or malware on your machine is fraudulent. Just as you should not select links or attachments in email from people you do not know, do not select the links in these messages either. Doing so may lead to an attacker stealing sensitive data or performing other harmful activity.
- As with all applications, Skype provides security patches and updates. This software should be updated when a vulnerability is identified and a patch for it is available.
Skype for the administrator
The Skype Network Administrator Guide provides useful information on registry settings as well as links to an MMC snap-in and GPO template.
Recommended registry settings (see above guide for specific key information):
- Prevent the Skype client from becoming a supernode
- Set the listening port where Skype listens for incoming connections so your users use a consistent, identifiable port (2 registry keys for this)
- Disable 'ListenHTTPPortsPolicy' to disable listening on 80/443
- Disable Skype Public API to prevent 3rd-party apps from accessing Skype functionality
- Disable file transfer via Skype
- Consider the following: Run in memory-only mode so Skype does not store any data on the local disk
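The following PowerShell audit is an added example, not part of the original page or of the Skype guide: it compares a machine's Skype policy values against the recommendations listed above. It assumes the policy values live under `HKLM:\SOFTWARE\Policies\Skype\Phone` with the value names shown, which should be confirmed against the guide; the port number is a constructed placeholder and `Test-SkypePolicy` is a hypothetical helper name.

```powershell
# Added example: audit Skype policy registry values against the list above.
# Assumption: key path and value names follow the Skype Network Administrator
# Guide; confirm each name there before relying on the result.
$PolicyPath   = 'HKLM:\SOFTWARE\Policies\Skype\Phone'
$ExpectedPort = 40123   # constructed placeholder; use the port your site chose

$Baseline = [ordered]@{
    DisableSupernodePolicy    = 1              # client must not become a supernode
    ListenPortPolicy          = 1              # enforce a fixed listening port
    ListenPort                = $ExpectedPort  # the consistent, identifiable port
    ListenHTTPPortsPolicy     = 0              # do not listen on 80/443
    DisableApiPolicy          = 1              # no third-party access to the Public API
    DisableFileTransferPolicy = 1              # no file transfer via Skype
    MemoryOnlyPolicy          = 1              # optional: store no data on local disk
}

function Test-SkypePolicy {
    param(
        [string]$Path = $PolicyPath,
        [System.Collections.IDictionary]$Expected = $Baseline
    )
    # A missing key means no policy is enforced, so every setting is reported unset.
    $actual = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        $value = $null
        if ($actual -and $actual.PSObject.Properties[$name]) {
            $value = $actual.$name
        }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = if ($null -eq $value) { '<not set>' } else { $value }
            Compliant = ($null -ne $value -and $value -eq $Expected[$name])
        }
    }
}

$report = Test-SkypePolicy
$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or management tool flag the host.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```

A value reported as `<not set>` means the policy is not enforced on that machine, so the client falls back to whatever the user has configured.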
Last updated: 9/16/08