Once you decide and document your policies, you then need a way to check and enforce it. This article focuses on how you can do that for Skype, but the advice here would work for any other similar application.
Note that we're assuming for this article that Skype is allowed in your enterprise, and we'll cover how to manage it, not how to thoroughly block it.
The first thing you need to do is find systems running Skype. After that, you need to change Skype configurations to match your company's policy. We'll cover how to block or delete Skype in another article.
How do I find systems running Skype?
If you work for a larger company, you could use your configuration management or software distribution solution and run a job to locate any systems with Skype. But not all companies have those solutions, and not all are able to detect Skype. So I have developed a free tool you can use to automatically do the job for it. I developed a simple script called SkypeCheck (to use as is, feel free to send me your updates) that you can download from my website. I wrote this batch file to perform several functions:
- Check if Skype is installed and creates a report of systems that have it
- Reports the version of Skype
- Checks to see if a Proxy is set
- Checks the port Skype is using and reports it
- If port 80 is enabled and reports it
- Checks the port being used and allows you to copy the corporate Shared.XML file with the correct settings
- Checks and disables File Transfer and reports it
- Checks and disables API and reports it
For managed systems connected to the network and that can log in to some Windows Domain or Active Directory you can run this script from the login script and capture the information. I also provide a way to send the reports to a file server share if you want to send them to a specific location, or you can store them on the login servers and harvest them as needed. You can also just attach to each system on the network, copy the script and then launch a job to run it and send the reports to a central server or harvest them as needed.
The first goal is to locate the systems that have Skype so that you can manage them. The second is to understand and report on the settings of each system. There are several things you will want to look for in your environment. These include:
- Main Listening Port
- If port 80 and 443 are used for incoming connections
- If a HTTPS or SOCKS proxy is used
- If file transfer is disabled
- If the API option is disabled
The Listening Port is important in corporate environments because you can set a specific port on your firewall to allow incoming Skype calls. Port 80 and 443 are important so that you can disable your Skype clients from using port 80 or 443 and force them to use your specific corporate Listening Port, if you so choose. The HTTPS or SOCKS proxy is important if you have the option to use and set a Proxy server for connections. Of course, for security and control you can disable file transfer and any API add-ons from being installed. All these things will help you manage your Skype environment. Using the script I mentioned will allow you to regularly monitor your Skype clients and their settings.
For Remote Users you will have to rely on them attaching to the network and logging in or use your Configuration Management or Software Distribution solution to deploy, run and collect the results of the script. The main goal is to have the ability to manage Skype in the enterprise. Whether you use the script I provide or your configuration management or software distribution solution or a combination of both, you will be able to manage your Skype user configuration at an enterprise level. If you want to make sure your users are running the latest version of Skype, you will need to manage it just like any other application and send out a package to install the latest version instead of relying on the user to maintain the application. I recommend this approach if you want to maintain security and have any concerns about using a public IM tool like Skype. Keep it updated!