RE: Moving forward with definition of honeypots

["Gaydosh, Adam" <GaydoshA () ctcgsc org>]

"A honeypot is a information system resource that isolates malicious
activity."

Tried to keep it simple without being overly ambiguous, so that 'isolates
malicious activity' is of sufficiently high-level to encompass the various
honey technologies accurately, without being bogged down by the probable
actions of the operator to those responses, or the credentials of the user.
Also, I like many of the other proposals, but in there effort not to
pigeon-hole honeypot usage, they seem equally applicable to other security
resources (e.g. "A firewall/IDS/honeypot is an information system resource
who's value lies in being probed, attacked, or compromised" is not
incorrect), so I was trying to be more discrete..what do ya'll think?

-adam

> -----Original Message-----
> From: David Goldsmith [mailto:dgoldsmith () sans org]
> Sent: Tuesday, May 20, 2003 3:56 PM
> To: honeypots () securityfocus com
> Subject: Re: Moving forward with defintion of honeypots
>
>
> On Monday 19 May 2003 23:23, Lance Spitzner wrote:
>
> I would say that option A is best.  The 'honeypot', whether it is one 
> real or virtual system, or a network of systems, is the resource that 
> is made available to be probed, attacked and/or compromised.
>
> It is NOT necessarily the component that does the monitoring of 
> traffic or that provides control over traffic to/from the honeypot.
>
> David Goldsmith
>
> > OPTION A
> > --------
> >   "A honeypot is an information system resource who's
> >    value lies in being probed, attacked, or compromised"
> >
> >
> > OPTION B
> > --------
> >   "A honeypot is an information system resource who's
> >    value lies in monitoring unauthorized or illicit use of
> >    that resource"