Drmayhem@gmail.com

Interested in learning more about security?

SANS Institute InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

Skype: A Practical Security Analysis
The purpose of this paper is to suggest best practices and recommendations when running Skype. Although Skype is available for myriad different hardwareplatforms, this document will focus on the Mac, Windows, and Linux environments.

Copyright SANS Institute Author Retains Full Rights

AD

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Skype: A Practical Security

08 ,

Au

tho

rr

GSEC Gold Certification

©

Bert Hayes

SA

NS

Ins titu

Adviser: Dominicus Adriyanto

te

Author: Bert Hayes,bhayes@infosec.utexas.edu

Accepted: October 9 2008

20

eta

ins
Analysis

ful l
1
© SANS Institute 2008, Author retains full rights.

rig

hts

Skype: A Practical Security Analysis

.

2. Definitions....................................................... 4 3. Major Points...................................................... 5

4.Observations...................................................... 9

2. Skype’s Network Behavior......................................11 5. Practical Advice and Real World Recommendations...................21
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

6. Conclusions.......................................................23 7. Links and Additional Information..................................24 8. AppendixA: A Brief History of Skype’s Security Vulnerabilities..25 9. Appendix B: Registry and Config Settings for Skype on Windows.... 28 10. References .....................................................31

©

Bert Hayes

SA

NS

Ins titu

te

20

08 ,

Au

tho

1. Network Utilization............................................ 9

rr

eta

ins

ful l
2
Author retainsfull rights.

1. Introduction...................................................... 3

© SANS Institute 2008,

rig

Table of Contents

hts

Skype: A Practical Security Analysis

.

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

©

Bert Hayes

SA

NS

Ins titu

te

20

08 ,

Au

tho

rr

eta

ins

ful l
3
© SANS Institute 2008,Author retains full rights.

rig

hts

Skype: A Practical Security Analysis

.

Skype is communications software that allows users to communicate with each other in

(Peer to Peer) network rather than routing all communications packets through a central server. Skype is designed to work out of the box on modern networks, and has no problems working behind a NAT (Network AddressTranslation) device or other firewalls. Because of its decentralized architecture, Skype makes extensive use of strong encryption, making casual

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

combination of Skype's encryption and its binary only, closed-source nature make it a black box, or complete unknown that has no place being on a well-maintained network. While these are allvalid concerns, they should be considered in the context of local network policies

well-managed environment can mitigate these risks.

©

Bert Hayes

SA

and weighed against the benefits that Skype can provide. In many cases running Skype in a

NS

Ins titu

inherent ability to traverse firewalls is a security risk. And some administrators feel the

te

use has shown that itcan be a bandwidth hog. Other administrators fear that Skype's

20

Many network and systems administrators take a dim view of Skype because historical

08 ,

eavesdropping or impersonation all but impossible.

Au

tho

rr

eta

among other IM (Instant Messaging) applications in that Skype runs over a decentralized P2P

ins

real time using VOIP (Voice Over IP), video chat,...