greynet (or graynet)

Greynet is a term for the use of unauthorized applications on a corporate network. A greynet application is a network-based program that corporate network users download and install without permission from their company's IT department. Common examples of greynet applications include instant messaging, peer-to-peer collaboration and conferencing programs, streaming media players, and RSS readers.

Many greynet applications, such as instant messaging and collaboration programs, have legitimate business uses and help boost user productivity. Other greynet applications, like peer-to-peer file and music sharing programs, pose serious security risks and can drain network resources. User-downloaded programs can also include malicious programs, such as spyware components that track and report information without the user's knowledge. Greynet usage by employees is thought to be a major contributor to the growth of spyware-related incidents.

All greynets, even those that benefit the end user, can be detrimental to a company network. Because they use corporate bandwidth, the programs often have negative effects on overall network performance. They introduce security risks, including client code vulnerabilities and new avenues for attack, and can lead to data loss and property or identity theft. Greynets can be difficult to eliminate because many use encryption and port agility (the ability to dynamically send and receive traffic across any open network port), which makes them hard to detect and block.

This was last updated in May 2007
