Greynets: is social software making you vulnerable?

A visit with FaceTime introduced me to the term ‘greynet’. Since it’s been knocking around for donkey’s years, I should have known about it. But I didn’t. And so, I figured, nor would you. (Skip this blog if you’re up to speed on the subject and protected from greynet attacks.)

A greynet is a network-enabled application which is installed behind your firewall. The benign ones include services such as Skype or MSN Instant Messaging, which allow people to see when their contacts are present and to ‘chat’ with them by typing short messages. Unfortunately, these and other social networks such as Facebook, can be the means by which these greynets penetrate your defences, especially when they’ve been installed by end users with no IT involvement. An unwitting download of an apparently innocuous file or application is all it takes for trouble to begin.

Greynets operate by tunneling through your protective firewall using unsecured communications ports or even slipping out through port 80 – the one which gives staff access to the internet. Most commonly, the malicious ones can steal information and disrupt the operation of your computers.

We are used to securing our email systems and protecting ourselves from infected file attachments. This kind of security is very mature and widely available. But it only works once the level of infections bring it to the attention of the anti-virus companies. They then figure out a ‘signature’ for a piece of malware and incorporate it into their virus databases. From then on, subscribers are protected.

Compared with instant messaging and other social software such as Facebook or MySpace, email protection is a positively leisurely exercise. Problems spread relatively slowly – when was the last time you heard of a major email-borne virus infection? But, without monitoring software, social software can allow malware to creep in undetected. This is not the only threat, but it’s the one that you can do least about without help.

The other threats are the usual employee-related ones of letting information out deliberately or accidentally, of failing to create an auditable trail of business communications, of wasting time, and so on. Frankly, these need to be dealt with by common-sense guidelines, although some of the greynet protection software, appliances and services can help.

FaceTime is aimed at mid to large enterprises and may be overkill for a smallish business. It connects on the one side to over 150 instant messaging and other social services and passes all traffic through its filters which spot, instantly, when something suspicious is happening. It does this by looking at traffic content, but it also looks inside the data packets and at their patterns as they flow through. Some customers settle for reading the logs after the event. The sensible ones choose to be alerted at the first sign of trouble.

Since FaceTime is aimed at the upper end of the market, I went searching for something more appropriate for the smaller business. Depending on your inclinations, your needs and your budget, you might want to go for regular software, a managed service or an appliance that fits into your network. To get a flavour of each type, you might try visiting Grisoft, Panda and Finjan.

I don’t actually know how each of these works in detail, but if I were buying, I’d want to know that they can trap previously unknown threats in real time. If you’re under regulatory scrutiny, you’d probably do best to go for an appliance or service option because they’re more likely to be programmed for professional logging and archiving.

David Tebbutt is an award-winning columnist and feature writer who specialises on the subject of using software and technology to increase business productivity. He's an analyst with Freeform Dynamics but, in previous lives, wrote for Director magazine, Real Business and was also editor of Personal Computer World. http://freeformdynamics.com