Using Skype in a zero-trust model

If you wish to use the legacy Skype app (the one that still uses P2P for communications) while running in a zero-trust model, where you're in whitelisting mode along with DTTS (Don't Talk To Strangers), there are several considerations and steps to follow. This how-to is written for ASUS specifically but can be adapted to other platforms by following the same principles:

  1. Assign a DHCP reservation to the device running Skype
    • Visit http://mytools.management
    • Click on “MyBox” and log in
    • If you’re on ASUS, click on LAN -> DHCP Server Tab
    • Scroll down until you see “Manually Assigned IP around the DHCP list (Max Limit : 128)”
    • Select your Skype device's MAC address in the dropdown, then click on Add and then Apply, which should then look similar to this (on ASUS-based routers):
  2. Determine the port your Skype client uses.
    • In the Skype program, choose Preferences, or Tools and then Options, and look for the port number like this:
  3. Create a Port-forward rule to allow inbound traffic to reach Skype directly like this:
    • Go back to https://mybox.management:8080 (works only from inside your network), go to the WAN -> Virtual Server / Port Forwarding tab and create the corresponding entry using your Skype device and the port number gathered in the previous steps, like this (don't forget to press APPLY):
    • Reboot your ASUS router
  4. Create a custom DTTS enabler to allow outbound traffic using Skype’s source port like this:
    • Go to your dashboard -> Manage Rules -> My Rules -> DTTS Rules (tab)
    • Create a new enabler that looks like this (but replace the numbers with your port number):
  5. Turn on the enabler in the Ruleset used by your Skype device.
  6. On your dashboard, use the Subscriptions menu to subscribe to Skype, and enable it on the ruleset used by the Skype device.

With all of these steps followed, your Skype device is now able to communicate successfully in a zero-trust model.
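
Before leaving the port exposed, it is worth confirming that the values from steps 1 to 3 agree with each other. The following is an added example, not part of the original how-to or of any vendor tooling: it checks that the forward points only at the reserved address, uses only the port set in Skype, and that something is actually listening on that port. It assumes a Linux Skype device where `ss -H -tuln` is available; the rule dictionary's field names, the addresses and port 42123 are constructed for illustration.

```python
# Added example: cross-check the values from steps 1-3 before exposing the port.
# The rule dict and all sample values are constructed, not exported from a router.

def listeners(ss_output):
    """Parse `ss -H -tuln` lines into {(proto, port)} for non-loopback binds."""
    found = set()
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only sockets are unreachable through a forward
        found.add((proto, int(port)))
    return found

def check_forward(rule, reserved_ip, skype_port, ss_output):
    """Return a list of problems; an empty list means the rule is consistent."""
    problems = []
    if rule["local_ip"] != reserved_ip:
        problems.append("forward target is not the reserved DHCP address")
    if rule["external_port"] != skype_port or rule["local_port"] != skype_port:
        problems.append("forwarded port differs from the port set in Skype")
    bound = listeners(ss_output)
    for proto in rule["protocols"]:  # protocols selected in the forward rule
        if (proto, skype_port) not in bound:
            problems.append(f"nothing listening on {proto}/{skype_port}")
    return problems

# Constructed sample: output of `ss -H -tuln` on the Skype device.
SAMPLE_SS = """
udp UNCONN 0 0 0.0.0.0:42123 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:42123 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
"""
# Constructed sample: the port-forward entry from step 3, typed in by hand.
SAMPLE_RULE = {"local_ip": "192.168.1.50", "external_port": 42123,
               "local_port": 42123, "protocols": ["tcp", "udp"]}

if __name__ == "__main__":
    result = check_forward(SAMPLE_RULE, "192.168.1.50", 42123, SAMPLE_SS)
    print("\n".join(result) if result else "consistent")
```

A non-empty result means the forward either exposes a different host or port than intended, or opens a port that Skype is not using.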