Overview of Skype
The Skype™ application is a cost-free, multi-platform encrypted peer-to-peer (P2P) networking client used for Voice over IP (VoIP) and
other forms of Internet-based communications. Acquired by eBay in a transaction completed on October 14, 2005, Skype is recognized
for its ease-of-use, security, and networking versatility. From the perspective of the user, the ease-of-use is a welcome contrast to
the traditional complexity of VoIP, the security (encryption provided by RSA and AES) guarantees that Skype communications will be
safe from eavesdroppers, and the networking versatility attempts to ensure that Skype will be able to work on any network, regardless
of the types of NAT, proxy, firewall, or intrusion prevention configurations. It is this very set of characteristics (ease-of-use, security,
and network versatility) that has made Skype the bane of many corporate and university network environments.
Arguments have been made opposing industry efforts to block Skype, noting that it is secure, that it uses bandwidth fairly
conservatively, or simply that it is just plain unfair to block Skype, but there exist very legitimate and compelling reasons to block
Skype, foremost of which are:
Skype is designed to evade network tracing and auditing attempts. Many industries are subject to compliance laws, which
use of the Skype application would violate.
Some countries (including China, the UAE, and Oman) have prohibited the use of Skype. Enterprises risk communication
barriers with these countries if they use Skype.
The Skype End-User License Agreement (http://www.skype.com/company/legal/eula/index.html) requires that the user agree
to yield the computer running the Skype application as a resource to the Skype network (see Article 4, Permission to Utilize).
This violates the use policies of many corporations and universities.
Caveats
Note that activating the detection/prevention of Skype will not affect Skype sessions that are already active. To begin
detection/prevention of Skype, you can restart the Skype client application (laborious if there are many clients connected), restart the
SonicWALL (disruptive), or clear the SonicWALL's connection cache. Clearing the connection cache can be achieved by browsing to
the diag.html page (reachable by manually browsing to diag.html at the SonicWALL's management address, for example
https://67.115.118.80/diag.html). Select the Internal Settings button, and then select the Flush Connections button. This will
instantaneously clear all connections running through the SonicWALL UTM appliance, prompting them to renegotiate.
Skype updates the Skype client periodically. The version as of this writing is 1.4.0.84, and version 2.0 is in active beta. Skype client
updates have the potential to introduce changes to the Skype protocol. To ensure that your SonicWALL UTM appliance can continue to
reliably identify and block Skype, SonicWALL recommends upgrading to the latest version of SonicOS firmware.
Prerequisites
Before you begin to configure your SonicWALL UTM appliance to block Skype, perform the following steps:
1. Select a workstation on a firewalled segment (e.g. LAN/Trusted, DMZ/Public, WLAN/Wireless) on which Skype is installed, or
select a workstation on which to install Skype for testing.
2. Launch the Skype application. Log in with an existing account, or create a Skype account and then log in.
3. Observe that Skype can successfully connect to the Skype network.
4. Close the Skype application.
1. Enable IPS
a. Activate by Interface on SonicOS Standard
b. Activate by Zone on SonicOS Enhanced
2. Enable detection / prevention of the Skype signatures
a. This can be done by individual signature, or at the group (IM) level. This example will activate Skype detection and
prevention at the IM Group level.
Enable IPS
1. From the Security Services > Intrusion Prevention page, select the Enable IPS checkbox, and click the Apply button at the
top right of the page.
By Priority: There are High, Medium, and Low priority groups. Skype is in the Low priority group. Generally, the Low priority
group should not be configured for Prevent All because of the broad range of traffic included in this group, including commonly
used diagnostic/reconnaissance traffic such as ICMP.
By Category: There are currently 41 categories. The Skype signatures are in the IM category. The IM category also includes
other well-known IM applications such as AIM, ICQ, MSN, Yahoo, and QQ.
By Signature: There are currently 2,155 signatures, which can inherit settings from the Category or Priority level, or which
can be individually configured.
SonicOS Enhanced also provides inclusion/exclusion controls for Users/Groups, IP Addresses (Address Objects) and Scheduling
controls. Refer to the IPS Primer (http://www.sonicwall.com/support/pdfs/technotes/SonicWALL_IPS_First_Primer.pdf) for more
information on these controls.
In this example, we will be enabling Skype detection and prevention at the Category level:
1. From the Security Services > Intrusion Prevention page, select the IM category from the Category drop-down. The page
view will update. Click the edit icon to the right of the category.
2. The Edit IPS Category window will differ slightly depending on your SonicOS version. Select Enable for Detection and
Prevention and click OK.
[Screenshots: Edit IPS Category window on SonicOS Standard and on SonicOS Enhanced]
3. Confirm that Prevent and Detect are checked for the IM signatures in the IPS Policies table.
Testing
Now that Skype detection and prevention is enabled, launch the Skype application on your test workstation, and attempt to connect to
Skype. If the Skype application was previously running, refer to the Caveats section on page 2.
Skype will fail to connect. You can verify the SonicWALL UTM appliance detection and prevention activity by browsing to the Log >
View page.
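As an added example (not part of the original SonicWALL technote), the same verification can be done offline over exported logs by tallying Skype IPS alerts per source host. It assumes the appliance forwards events as key=value syslog records whose msg field begins with "IPS Detection Alert" or "IPS Prevention Alert"; the sample records, addresses and signature text are constructed.

```python
import re
from collections import Counter

# Constructed sample records (addresses, serial number and signature text are made up),
# in the key=value syslog layout this example assumes.
SAMPLE_LOG = """\
id=firewall sn=0006B1000000 time="2005-11-02 10:15:01" fw=192.0.2.1 pri=1 msg="IPS Prevention Alert: IM Skype Login" n=1 src=192.168.168.10:2081:LAN dst=198.51.100.7:33033:WAN
id=firewall sn=0006B1000000 time="2005-11-02 10:15:04" fw=192.0.2.1 pri=1 msg="IPS Prevention Alert: IM Skype Login" n=2 src=192.168.168.10:2083:LAN dst=198.51.100.9:80:WAN
id=firewall sn=0006B1000000 time="2005-11-02 10:16:40" fw=192.0.2.1 pri=1 msg="IPS Detection Alert: IM Skype Login" n=1 src=192.168.168.22:3190:LAN dst=198.51.100.7:443:WAN
id=firewall sn=0006B1000000 time="2005-11-02 10:17:12" fw=192.0.2.1 pri=1 msg="IPS Prevention Alert: IM MSN Login" n=1 src=192.168.168.30:1450:LAN dst=203.0.113.5:1863:WAN
id=firewall sn=0006B1000000 time="2005-11-02 10:17:30" fw=192.0.2.1 pri=6 msg="Connection Opened" n=5 src=192.168.168.10:2090:LAN dst=203.0.113.8:80:WAN
"""

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Split one record into a dict, stripping quotes from quoted values."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def skype_alerts(log_text):
    """Return {source_ip: Counter(prevented=n, detected=n)} for Skype IPS alerts only."""
    hosts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        msg = rec.get("msg", "")
        if "skype" not in msg.lower():
            continue  # other IM signatures and non-IPS events are ignored
        if msg.startswith("IPS Prevention Alert"):
            action = "prevented"
        elif msg.startswith("IPS Detection Alert"):
            action = "detected"
        else:
            continue
        src_ip = rec.get("src", "unknown").split(":")[0]  # src is ip:port:interface
        hosts.setdefault(src_ip, Counter())[action] += 1
    return hosts

def detect_only_hosts(hosts):
    """Hosts whose Skype traffic was logged but never blocked."""
    return sorted(ip for ip, c in hosts.items() if c["detected"] and not c["prevented"])

if __name__ == "__main__":
    found = skype_alerts(SAMPLE_LOG)
    print(found, detect_only_hosts(found))
```

A host that appears only with detection alerts is a cue to recheck that Prevent is enabled for the IM category on the zone or interface that host sits behind.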