Honeypots mailing list archives
Re: Need your helping defining honeypots
From: George Washington Dunlap III <dunlapg () umich edu>
Date: Fri, 16 May 2003 17:26:47 -0400 (EDT)
I guess the first question to ask is, what is the purpose of this definition? How will the definition itself be used? A lot of the definitions counter-proposed on this list so far have described in more detail how honeypots are normally used CURRENTLY. This may be more enlightening to someone who just wants a quick, consise answer to his question. These are the kinds of answers I'd give my boss if I was trying to convince him to set up a honeypot. The options given, however, is very abstract. They doesn't immediately tell you what their value is, but it leaves open all kinds of possibilities; although they usually have to be followed up with a couple of examples. It makes the person hearing the definition do some thinking. For people interested in synthesis, or trying to come up with new ideas, something like these is probably better. In #1, the defining value is that it's "designed to be probed, attacked, or compromised." In #2, the defining value is that they're designed to monitor "unauthorized users". Both of them are more abstract and designed to be broad and predictive, rather than descriptive; and I think for making you think more outside-the-box, #1 is more useful. Saying "they're designed to monitor unauthorized users" makes me think about how to monitor behavior, which I think is pretty well understood and won't generate many new ideas. Saying "they're designed to be probed, attacked, or compromised" makes me think about all the different ways I could use a machine that was probed, attacked or compromised; it makes me think backwards, and is likely to be more fruitful in generating novel ideas. Or look at it this way: do you want people to focus on using the probes, attacks, and compromises of honeypots to their advantage, or do you want people to focus on how to monitor "unauthorized" activity well? So, that's my $0.02. As for me, I vote for #1. (Unless, of course, your audience is not people innovating honeypots but on practical people looking at existing uses of honeypots; in that case, you'd better make a more informative answer than either of these two.) -George <grammarnazi> P.S., it should be "whose", not "who's" in the first definition. </grammarnazi> ;) On Fri, 16 May 2003, Lance Spitzner wrote:
Recently I released a paper attempting to define honeypots. I've received alot of great feedback on that. Some of the feedback has been we may be able to improve on the definition. Honeypots are extremely flexible and can be used for many different things. As such, I propose two different possible definitions. Comments/input GREATLY appreciated! Option 1: --------- A honeypot is a security resource who's value lies in being probed, attacked, or compromised. Option 2: --------- A honeypot is a resource operated to monitor the use by entities who are unauthorized, or have reason to believe they are unauthorized, to use those resources. Do you have a preference for either defintion, a different defintion, or perhaps a combination of the both? If so, why? Let us know. Thanks!
-- +-------------------+----------------------------------------- | dunlapg () umich edu | http://www-personal.umich.edu/~dunlapg +-------------------+----------------------------------------- | They spoke into being the work of their hands | From the void of the wire and the wood | They stood on that stage and they sang and they played | And they said that it was good | They said let there be light | Let there be love, let there be music | - Andrew Peterson, "Let There Be Light" +------------------------------------------------------------ | Outlaw Junk Email! Support HR 1748 (www.cauce.org)
Current thread:
- RE: Need your helping defining honeypots, (continued)
- RE: Need your helping defining honeypots Rick Hayes (May 16)
- Re: Need your helping defining honeypots Jon Baer (May 16)
- Re: Need your helping defining honeypots Valdis . Kletnieks (May 16)
- Re: Need your helping defining honeypots Jon Baer (May 16)
- Re: Need your helping defining honeypots Ed Shirey (May 16)
- Re: Need your helping defining honeypots Matt Fisher (May 16)
- Re: Need your helping defining honeypots Diego González (May 16)
- Re: Need your helping defining honeypots Davide Del Vecchio (May 16)
- Re: Need your helping defining honeypots Seth Arnold (May 16)
- Re: Need your helping defining honeypots Valdis . Kletnieks (May 16)
- Re: Need your helping defining honeypots Bernie, CTA (May 16)
- Re: Need your helping defining honeypots George Washington Dunlap III (May 16)
- Re: Need your helping defining honeypots Harish Pillay (May 17)
- Re: Need your helping defining honeypots Andy Cuff [talisker] (May 17)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
- Re: Need your helping defining honeypots Christian Kreibich (May 19)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
- Re: Need your helping defining honeypots Todd A. Jacobs (May 18)
- Re: Need your helping defining honeypots Christian Kreibich (May 19)
- Re: Need your helping defining honeypots Niels Provos (May 19)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
- Re: Need your helping defining honeypots Diego González (May 16)
- Re: Need your helping defining honeypots Tora (May 16)
(Thread continues...)
- RE: Need your helping defining honeypots Rick Hayes (May 16)