Re: Honeypot policy

["Shamblin, Quinn" <qrs () BU EDU>]

We designed our policies so that things like this are not actually prohibited, but they are prohibited unless reviewed 
and approved by information security. 

So it gives us the chance to make sure that putting a tool like this in place does not provide a security hole which 
could lead to bigger problems

- Quinn

On Jan 19, 2014, at 7:54 PM, "John C. A. Bambenek, GCIH, CISSP" <bambenek.infosec () GMAIL COM> wrote:

All-

I am grappling with security policy concerns with having honeypots on a campus network (DMZ). This is for research and 
a security class.  Do you allow these on your campus networks or require them on external provider/ISPs? If on campus, 
how did you deal with the policy issues?

J