Description: Applications like IM, web conferencing and P2P, deployed by the end user and elusive at the network level are described by FaceTime as 'greynets'. Learn how to enable the good ones and block the bad.
Hi, I'm Kailash Ambwani and I'm the CEO of FaceTime Communications. Today, I'm going to speak to you about 'Greynets.' 'Greynets' are the biggest challenge for security enterprise managers today. What are 'Greynets?' One way to think about 'Greynets' is to look at applications and see how applications get deployed. Do they get deployed at the enterprise level, at the department level or at the end-user level and then to look at the behavior of these applications at the network level. Are they well-behaved at the network level or are they evasive at the network level? With this, let's look at a few applications.
Let's look at e-mail. When you join a company, you get an e-mail address and e-mail is an enterprise-wide application and that in fact, it behaves really well at the network level. It's SMTP. It goes through a well-defined port, etc. Let's look at another application. Let's look at Web conferencing. Web conferencing typically gets deployed at the department level, but it's very evasive at the network level. Web conferencing users encrypted protocols that tunnels through Port 80. It does everything it can to get through your security infrastructure as easily as possible. Another evasive application is IM. IM, which also gets deployed at the end-user level, tends to again be very evasive at the network level and we know that the same applies to things like P2P.
Now, not all end-user applications are evasive. So for example, if you look at Web browsing, Web browsing is used at the end-user level and is actually quite well-behaved. This HTTP is Port 80. Another set of applications are adware, spyware and adware spyware in fact, are so far on this access that they were getting deployed without even the end-user knowing about that and now we're finding that adware and spyware are getting evasive at the network level. This quadrant is what we call 'Greynets.'
Now, why do we call them 'Greynets?' We call them 'Greynets' because these applications are not necessarily bad. Some applications like Web conferencing and IM can be very beneficial. Other applications like P2P and adware and spyware can be very problematic. What are some of the issues that the applications raise? Well, they represent a vulnerability for you. You've got code that hasn't gone through your quality assurance running on your desktops. That code might have vulnerabilities. They represent security threats. There are viruses and worms that are now propagating through these applications. They represent compliance issues. What kind of communications is happening with these applications and are you keeping track and logging those communications? They represent management issues. Who's using these applications. How much bandwidth is getting used. Do you have control over all that?
So, to manage 'Greynets' and to control 'Greynets,' you first need to be able to detect them, which as we've shown here with the evasiveness is not easy to do and once you've detected them, you need to decide what you want to do with them. Do you want to block them and clearly? You want to block adware spyware. You probably although not always want to block P2P. Or do you want to enable them because there's real business value? For example, you want to enable Web conferencing. You want to increasingly enable IM. What does enabling means? Enabling means, you've got to address these issues. You've got to have hygiene. So you've got to check for viruses and worms and spam. You've got to have compliance. You've got to make sure that you're logging all the messaging that's going on in these applications and you've got to have strong user policies in place: who can use them, when can they use them, how much bandwidth are they allowed to take.
So, these applications represent business value, but they also represent threats, neither black nor white. That's why we call them 'Greynets' and the challenge is how do you enable the good 'Greynets' while blocking the bad ones.
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- FREE Economist Report available at the Collaboration Resource Center.
-
"Collaboration: Transforming the Way Business Works", a new study from the Economist Intelligence Unit. Find this informative report along with free videos podcasts and more, availibe courtesy of Cisco.
- Sign in now to download!
- Marc Canter: The master of multimedia speaks
-
In this Super Techies interview, larger-than-life techie Marc Canter talks with ZDNet's Editor in Chief Dan Farber about his career as a multimedia pioneer.
- Watch the video >>
- New entries posted to Know Issues, Best Practices and Workarounds Wiki
-
Latest Topics: Running virtual machines and DHCP can cause Intel® AMT to be inaccessible; Wildcard certificates are currently not supported for remote; Dell 755 returns a duplicate UUID during activation configuration.
- See the latest entries on the Intel Wiki >>
