Honeypots mailing list archives
RE: Honeypot Defintion - Almost There, or a new path?
From: Jon Price <jon () nytimes com>
Date: Sun, 25 May 2003 17:43:44 -0400
Hi,While I understand the inference of "automated" as described below, the phrase "automated computer system" still sounds a bit redundant to me. How about this modification:
"The automated detection of erroneous, unauthorized or illicit use of system resources."
Jon At 06:56 PM 5/24/2003 -0500, John McCracken wrote:
I too had a problem with monitoring that diminished with further enlightenment; however, "detect" by definition appears to better qualify and kudos to Bernie for the most comprehensive rendition yet. Reads like it came from a dictionary. :) Thanks! John McCracken -----Original Message----- From: Bernie, CTA [mailto:cta () hcsin net] Sent: Saturday, May 24, 2003 9:33 AM To: honeypots () securityfocus com Cc: Lance Spitzner Subject: Re: Honeypot Defintion - Almost There, or a new path? I feel Marc's perspective has merit. After pondering the definitions presented thus far, and while considering a simple technical definition of a Computer, i.e., "A device that receives, stores, processes, and presents data in response to commands", I suggest this definition: Honeypot: "An automated computer system for detecting erroneous, unauthorized or illicit use of system resources." As an old embedded system engineer, I decided to include the word "automated" as to infer the implicit use of 5 basic functions of automation: 1. Collection of Information 2. Communication of Information (man-machine, machine- machine) 3. Computation of Information (data logging and data processing) 4. Control of Operations (both human and machine) 5. The logical coordination among the preceding four functions I use the word "detecting" to move away from the user application and *legal* usage, which may include "monitoring". I included the word "erroneous" to express that honeypots may also detect incidents which are not specifically unauthorized or illicit. For example, we deploy a honeypot as a security safeguard - When a legitimat User attempts to login to their website. However, after failing to correctly enter their password more than X times, the User triggers the security safeguard and is automatically redirected to the honeypot to detect if the incident is an erroneous action, unauthorized or illicit. I have used honeypots in this topology for some time and have foud the resource significantly beneficial in design, debug and enhancement of a systems functional utility as well as the user interface of web-based applications. Thoughts? On 23 May 2003, at 17:05, Marc Dacier wrote: > > Based on this "usage", is this "information system resource" a > honeypot ? I would tend to say yes but your definition leads me > to believe that you would say no. > > Can't we come up with a definition that does not take the usage > into account at all ? > > >Since this is the preferred option of the two, this is > >what we will go with. > > Mmmmm ... the least worst of the two 'definitions' does not > make a good one :-) > > Reactions, remarks ? > > Cheers, > Marc > On 23 May 2003, at 9:30, Lance Spitzner wrote: <snip> "A honeypot is an information system resource who's value lies in monitoring unauthorized or illicit use of that resource" "A honeypot is an information system resource who's value lies in unauthorized or illicit use of that resource" <snip> - - **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> *******************************************************
Current thread:
- Re: Honeypot Defintion - Almost There, or a new path? Bernie, CTA (May 24)
- RE: Honeypot Defintion - Almost There, or a new path? John McCracken (May 25)
- RE: Honeypot Defintion - Almost There, or a new path? Jon Price (May 25)
- Re: Honeypot Defintion - Almost There, or a new path? Valdis . Kletnieks (May 25)
- RE: Honeypot Defintion - Almost There, or a new path? John McCracken (May 25)