Jump to content

Greynet: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
SmackBot (talk | contribs)
3,734,324 edits
m Date/fix the maintenance tags
Donnymo (talk | contribs)
157 edits
Added "Security and Monitoring" section. Added cited source for growth in risks and threats.
Line 1: Line 1:
{{Orphan|date=September 2006}}
{{Orphan|date=September 2006}}
A '''greynet''' is an elusive [[computer network|networked computer]] [[computer application|application]] that is downloaded and installed on [[end user]] systems without express permission from [[network administrator]]s and often without awareness or cognition that it is deeply embedded in the organization’s network fabric. These applications may be of some marginal use to the user, but inevitably consume system and network resources. In addition, greynet applications often open the door for end use systems to become compromised by additional applications, security risks and [[malware]].
Within the context of corporate and organizational networks, a '''greynet''' is an elusive [[computer network|networked computer]] [[computer application|application]] that is downloaded and installed on [[end user]] systems without express permission from [[network administrator]]s and often without awareness or cognition that it is deeply embedded in the organization’s network fabric. These applications may be of some marginal use to the user, but inevitably consume system and network resources. In addition, greynet applications often open the door for end use systems to become compromised by additional applications, security risks and [[malware]].


== Examples ==
== Examples ==
Line 19: Line 19:


== Problems with greynet programs ==
== Problems with greynet programs ==
The problem with greynet programs is fourfold. First, greynet programs create [[network security]] risks by causing broad vectors for [[malware]] dissemination. Second, they create privacy issues for the network by opening large holes for information leakage. Third, greynet programs create compliance issues for a computer network by creating an invisible [[parallel communications]] network. Fourth, they create issues on local machines through the consumption of local system resources and possible [[operating system]] or program stability concerns. All of these things increase network and [[Information technology|IT]] administration time and costs.
The problem with greynet programs is fourfold. First, greynet programs create [[network security]] risks by causing broad vectors for [[malware]] dissemination. For example, hackers' attacks that use IM and P2P networks have grown consistently since 2004, with [http://www.imsecuritycenter.com The IM Security Center] charting a 15% increase in attacks from 2005 to 2006, and a cumulative 710% growth in the number of viruses, worms, trojans, and spyware programs from April 2005 to April 2007.<ref>IM Security Center, www.imsecuritycenter.com</ref> Second, they create privacy issues for the network by opening large holes for information leakage. Third, greynet programs create compliance issues for a computer network by creating an invisible [[parallel communications]] network. Fourth, they create issues on local machines through the consumption of local system resources and possible [[operating system]] or program stability concerns. All of these things increase network and [[Information technology|IT]] administration time and costs.


Added to this in the corporate work environment is the loss of meaningful production time due to non-work related distractions through these greynet applications. Individual network environment policies may vary from non-existent to a full lockdown of end user system privileges. Dealing with the security aspects of greynets has led to the emergence of specific administrative software packages that monitor and control traffic, as well as the enhancement of [[security suites]] and [[adware]] clients.
Added to this in the corporate work environment is the loss of meaningful production time due to non-work related distractions through these greynet applications. Individual network environment policies may vary from non-existent to a full lockdown of end user system privileges. See the "Risks and Liabilities" section of [[Instant Messaging]] for a more detailed overview of threats, risks, and solutions to those problems for the most prevalent of the greynet programs, public IM.
Dealing with the security aspects of greynets has led to the emergence of specific administrative software packages that monitor and control traffic, as well as the enhancement of [[security suites]] and [[adware]] clients.


== Security and Monitoring ==
Among the first and most prevalent of the specific administrative software packages were products that secure networks against threats borne by IM and P2P networks. These products were first introduced in 2002, and now protect 10% to 15% of U.S. corporations. Protection against these types of risks to corporate networks is still in early stages of adoption however, as evidenced by the fact that 73% of companies have security or "hygiene" in place for their email networks, while only 11% have hygiene in place for instant messaging and P2P.<ref>[http://www.akonix.com/press/releases-details.asp?id=83 Akonix Systems survey of 113 IT professionals], January 17, 2006</ref> Products are available for security, content filtering, and archiving the use of these networks from companies such as [http://www.akonix.com Akonix], [http://www.csc.com CSC], [http://www.globalrelay.com Global Relay], and [http://www.scansafe.com Scansafe].


==References==
==References==

Revision as of 18:02, 18 May 2007

Within the context of corporate and organizational networks, a greynet is an elusive networked computer application that is downloaded and installed on end user systems without express permission from network administrators and often without awareness or cognition that it is deeply embedded in the organization’s network fabric. These applications may be of some marginal use to the user, but inevitably consume system and network resources. In addition, greynet applications often open the door for end use systems to become compromised by additional applications, security risks and malware.

Examples

The dynamics of Greynet growth

As computer workstations have become connected to the Internet, a variety of programs have proliferated that offer the ability to extend communications, gather and deliver information, and to serve the needs of marketing concerns. Among the first to emerge were instant messaging clients such as ICQ, AOL Instant Messenger and MSN Messenger. Developments in technology have added video capability through webcam units, all of which have worked together to take advantage of available bandwidth in single, small network, and corporate environments.

The growth of greynets takes advantage of software and hardware developments. Informal networks are now appearing that provide a variety of streaming media and content that is supplied or modified by end users. An emerging category is "podcasting", in which users generate content for widespread download on portable MP3 players.

Problems with greynet programs

The problem with greynet programs is fourfold. First, greynet programs create network security risks by causing broad vectors for malware dissemination. For example, hackers' attacks that use IM and P2P networks have grown consistently since 2004, with The IM Security Center charting a 15% increase in attacks from 2005 to 2006, and a cumulative 710% growth in the number of viruses, worms, trojans, and spyware programs from April 2005 to April 2007.[1] Second, they create privacy issues for the network by opening large holes for information leakage. Third, greynet programs create compliance issues for a computer network by creating an invisible parallel communications network. Fourth, they create issues on local machines through the consumption of local system resources and possible operating system or program stability concerns. All of these things increase network and IT administration time and costs.

Added to this in the corporate work environment is the loss of meaningful production time due to non-work related distractions through these greynet applications. Individual network environment policies may vary from non-existent to a full lockdown of end user system privileges. See the "Risks and Liabilities" section of Instant Messaging for a more detailed overview of threats, risks, and solutions to those problems for the most prevalent of the greynet programs, public IM.

Dealing with the security aspects of greynets has led to the emergence of specific administrative software packages that monitor and control traffic, as well as the enhancement of security suites and adware clients.


Security and Monitoring

Among the first and most prevalent of the specific administrative software packages were products that secure networks against threats borne by IM and P2P networks. These products were first introduced in 2002, and now protect 10% to 15% of U.S. corporations. Protection against these types of risks to corporate networks is still in early stages of adoption however, as evidenced by the fact that 73% of companies have security or "hygiene" in place for their email networks, while only 11% have hygiene in place for instant messaging and P2P.[2] Products are available for security, content filtering, and archiving the use of these networks from companies such as Akonix, CSC, Global Relay, and Scansafe.

References

  • Joyce, Erin (August 2, 2005). "Spyware Skyrockets on Greynet Fuel". internetnews.com.
  1. ^ IM Security Center, www.imsecuritycenter.com
  2. ^ Akonix Systems survey of 113 IT professionals, January 17, 2006


Stub icon

This computing article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Greynet&oldid=131824126"