Restrictions on running Skype P2P software

2012/05/01 by ITSRM

On May 1st 2012, this software restriction has been dropped as agreed by the Legal Service, and the departments and LHC experiments represented in the ITSRM.

The Skype P2P telephony software generates continuous background traffic once users have signed in to the application. This traffic is easily confused with malicious patterns and interferes with the initial detection as well as post-mortem analysis of security incidents. For this reason, its use and configuration at CERN is restricted as described below.

The following configuration is required:

  • software configured to use port 50123
  • supernode functionality disabled
  • no local firewall exceptions for Skype
  • Skype security patches kept updated

Further to help security analysis by minimising unnecessary traffic, users are recommended to:

  • sign out of Skype when not in front of the computer to receive calls during long periods (such as evenings). If the use of Skype is considered to impede security or other operational functions you must immediately disable it on request.

A recipe for configuring Skype to comply with CERN restrictions can be found here.