Saturday, July 12, 2008

Greynets ……as we call them.....

So far the blogs I have wrote were not directly related to my field … but this one is tightly coupled, if not the only reason, with our company’s short and long-time goals. Before I start I must admit that I m not very old in this field and that’s why, I will write only what I have learned so far. If you find me at something which sounds wrong to you, I will love to know that via your comments…and I promise that I will not feel offended…. instead I will appreciate that

Greynets ……as we call them.....

You can get its proper definition on Internet, so I will just give you a brief introduction of it. Greynet sites are the Internet applications, which generally does not create a direct threat as far as security is concerned but is very evasive in nature and that’s why it’s a subject of worry for companies. As you can see its name itself tells you something very important about it. “Grey”, as far as I believe this prefix may have been used for these sites because of their unpredictable behavior and unpredictable threats they offer. Might be because of the reason that people are still researching on them and by the time they unravel some of “grey “ parts related to these sites….. Their creators add on many more of such unanalyzed patches. So far its sound a bit confusing !!! don’t worry, I will explain it…step by step, But in short

Lets start with the examples of greynets and disadvantages (at corporate level). Orkut, FaceBook and social sites like them are famous examples but greynet sites not only constrained to them but includes much more than social networking sites. Greynet sites are really entertaining if u will consider an individual…. for example, social networking sites provide a good opportunity to be in contact with our old pals (and much more than that…). If you will ask individually everyone will advocate in the support of these sites…even I m a big supporter of these sites and enjoy being online on them.

But, Now change your angle of view and think from the point of companies!!! Although these sites doesn’t poses a security threat for any organization…hardly u would have heard that someone did “data theft” using orkut!!!! Rite. But look at network level. Besides killing the valuable time of employees (which could be otherwise very productive…) it just slaughters the bandwidth. Believe me bandwidth is as important for any organization as its network itself. I mean, what is the benefit of having a good speed network connection on which half of traffic is for unproductive purposes!!!!

After citing the examples and disadvantages in as short as possible, I will move on explaining the “grey” areas involved in these applications particularly in social networking sites. After understanding that next buzz in Internet security will be Social Networking sites, almost all of the companies who are into Internet security, started analyzing these sites in as deep as possible. They also did a lot of researches and many are still going on…. But suddenly came the innovative idea of adding custom applications with your profile on these sites!!! Remember now days we get option on facebook to add “movie quiz”, or add some “market place” and applications like that…. You will think how is that a problem ???Well, without going in deep I will just give small stats: - there are about 20000 such applications, which you can add on facebook and this number is increasing like anything. Each application has its own behavior and is not similar to other one.... resulting into a need of customized analysis of them indivisually, which is not at all easy!!!!
Now I believe you will be able to understand how big this issue is for Internet community.
.
I will try to keep posting anything important related to this topic but will also feel great to receive comments from you guys…

Keep smiling….

Signing Off:
Dhiraj singh