Re: Need your helping defining honeypots

[Harish Pillay <harish () maringotree com>]

Lance -

I think Option 2 is better but like what others have also said, it can be
expanded to include those who are authorized.  Behaviour of those who are 
authorized can provide valuable clues on what they "thought" they were 
doing as opposed to what they were "actually" doing.  This is similar to 
usage testing.

BTW, I have just finished reading your book on Honeypots and I must thank 
you for an excellent tome!  It takes pride of place next to Bruce Schneier's 
books.

Harish

* on the Fri, May 16, 2003 at 01:24:11PM -0500, Lance Spitzner was commenting:
> Recently I released a paper attempting to define honeypots.
> I've received alot of great feedback on that.  Some of the
> feedback has been we may be able to improve on the definition.
> Honeypots are extremely flexible and can be used for many
> different things.  As such, I propose two different possible
> definitions.  Comments/input GREATLY appreciated!
>
>
> Option 1:
> ---------
> A honeypot is a security resource who's value lies in being
> probed, attacked, or compromised.
>
>
> Option 2:
> ---------
> A honeypot is a resource operated to monitor the use by entities 
> who are unauthorized, or have reason to believe they are unauthorized, 
> to use those resources. 
>
>
>
> Do you have a preference for either defintion, a different
> defintion, or perhaps a combination of the both?  If so, why?
> Let us know.
>
> Thanks!
>
> -- 
> Lance Spitzner
> http://www.tracking-hackers.com

-- 
Harish Pillay
CEO/CTA
Maringo Tree Technologies Pte Ltd
15 Jalan Kilang Barat #06-06, Frontech Center, Singapore 159357. 
w: +65.6271.8589  x: +65.6270.4552

If this helped you, please take the time to rate the value of this post:
            http://svcs.affero.net/rm.php?r=harish