The voice-over-IP and instant messaging (IM) application Skype has gone from obscurity to roughly 150 million users with about 6 million users online at any given time -- all in a matter of three years. Even with its popularity, though, there are security concerns, particularly when Skype is used in corporate networks.
Among people's security concerns are that Skype can be a security hole through which hackers can crawl, that it encrypts all communications and so its messaging can't be tracked, that it can use up too much network bandwidth and that it allows dangerous file transfers.
Skype is not an easy application to manage, but if you're concerned about Skype use on your network, there's plenty you can do to block it or make sure that it's used safely. (As to whether you should be concerned about Skype, that's another question -- for answers, see this article.) Read on to see how you can protect your network and its users against Skype dangers.
Finding Skype users on your network
The first thing you need to do is find out who is using Skype on your network. If you're using any of the many networking configuration management applications such as Microsoft SMS, LANDesk HP or OpenView Client Configuration Manager, you're all set. Just use their built-in tools.
If you don't use any of them, fear not; help is on the way. On my Web site SkypeTips.com, I have a sample script that you can customize called Skype_Check for Windows that does the following:
- Checks if Skype is installed on PCs on the network, and creates a report of systems that have it.
- Reports the version of Skype.
- Checks to see if a proxy is set.
- Checks the port Skype is using and reports it.
- Checks if port 80 is enabled and reports it.
- Checks the port being used and allows you to copy the corporate Shared.XML file with the correct settings.
- Checks and disables file transfer and reports it.
- Checks and disables the Skype API and reports it.
You can also use your login script to search for Skype.exe or use a script and execute it against your IP address scheme, attach it to each client with the appropriate admin account, and search for Skype and any existing XML or registry settings. And, of course, you can also use a configuration management application, as I mentioned previously, or use a combination of a script and configuration management application depending on your need to find, report, manage or prevent and delete Skype.