Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Greynet threats continue to go unrecognised by many businesses.

InfoSecurity Europe : 04 April, 2008  (Technical Article)
Nick Sears of FaceTime Communications looks at the threats posed by greynets that are often overlooked as businesses continue to allow unprotected instant messaging applications on their networks.
Instant messaging (IM) applications have been around since the early 70s, but it was the introduction of programs such as ICQ and AOL Instant Messenger in the late 90s that brought IM into the mainstream. Since then real-time communications has grown considerably from a handful of companies offering IM networks, to over six hundred real-time communication applications that FaceTime tracks on the GreyNet Guide and is increasing rapidly each quarter.

However, despite the fact that research shows that IM is the vector for five new security incidents everyday, many organisations fail to see the threat.

One of the reasons companies do not see real-time communications as a threat, is just that - they don't see it. These types of applications, also referred to as 'greynets' because of the highly evasive techniques they use to traverse the network, are able to easily circumvent traditional security methods used to control the network. Real-time communications is big business and companies such as Yahoo!, AOL and Skype develop their applications to get as many users signed up to their network as possible, rigorously testing client applications against standard enterprise security infrastructures to ensure their application can tunnel through.

Many applications use encrypted protocols, making it impossible for an Intrusion Protection System to detect or to control them. In addition, they use Peer to Peer connections. Skype, for instance, uses a peer to peer connection and is encrypted end to end, often even tunnelling through HTTP if that is the only port that it finds open on the firewall, negating the use of an URL filtering solution to control it. Consequently, many organisations don't even realise that their users have installed them.

However, even those companies that have implemented real-time communications in the workplace frequently fail to see the threat and implement technology to mitigate the risk. While an enterprise grade IM system, such as Microsoft OCS or IBM Lotus Sametime will provide a robust platform, they do not natively provide the tools to meet security, compliance and legislative requirements. Aside from the obvious hazard of malware subversively entering the network - research shows that 80% of enterprises have experienced a greynet-related attack within the last six months, there is also the danger that organisations are not monitoring what is being sent out.

Despite the associated risks, Greynets do have their place in today's business world. Financial services have been using IM successfully for a while now, to help speed up transactions and close deals. Probably because the industry is so highly regulated, most organisations have recognised that they need to be able to monitor and archive real-time communications that have been installed by the company, as well as the unauthorised ones installed by the users themselves.

An example of this is the recent case of Societe Generale, press reports show that the review of thousands of pages of instant message conversations revealed that the rogue trader may not have acted alone, alleviating concerns that bank managers had knowledge of the trader's activities. The reports note that much of the trading scheme was discussed over IM, as opposed to more traditional e-mail channels. Societe Generale's ability to retrieve these messages provided a clear trail for investigators.

Research shows that eight in ten employees are using some type of greynet application at their workplace, and four in ten are using unauthorised applications. In order to mitigate the risks associated with instant messaging in the workplace, organisations should consider three vital areas - security, management and compliance. But since many real-time applications go to extraordinary lengths to circumvent traditional methods of security, the first step must be for the organisation to recognise the likelihood that they are already on the network and to establish visibility.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo