Blocking specific Skype features


This article applies to:

  • WebMarshal
  • Skype

Question:

  • How do I block specific features of Skype?
  • How do I block file transfers through Skype?

Procedure:

You may want to allow core functions of Skype but block certain features (such as file transfer)

  1. Ensure that Skype traffic is passing through WebMarshal. HTTPS content inspection is required. See article Q11389.
  2. Enable Traffic Logging.
  3. Establish the Skype session and validate that the activity shows in Traffic Logging.
  4. Perform the action you want to control, such as a file transfer.
  5. Check the Traffic Log to see what connections are logged from the workstation you are using to test.
  6. Make one or more rules based on the results. Rules can block a combination of URL, MIME type, file type, or other conditions.
  7. Test the rule.

Example:

At the time this article was reviewed, the traffic log for a Skype file transfer includes a line similar to the following (note the MIME type "image/jpeg" will vary):

2017-12-18 10:50:30 "VM-EXAMPLETW45" "10.160.80.15" 10.160.80.15 "10.160.80.15" 
"api.asm.skype.com" "image/jpeg" 443 - 200 

To block file transfers, you can block access to https://api.asm.skype.com/

The traffic log for a transfer blocked by a rule is similar to:  

2017-12-18 10:55:04 "VM-EXAMPLETW45" "10.160.80.15" 10.160.80.15 "10.160.80.15" 
"api.asm.skype.com" - 443 "Standard Rules\Global Policy\skype file" 

Notes:

  • Skype features and implementations are often updated. You should check periodically to make sure your policy continues to work as expected.
  • The general method described can help you to update WebMarshal policy if Skype implementations change

Last Modified 12/18/2017.
https://support.trustwave.com/kb/KnowledgebaseArticle20975.aspx