Re: Need your helping defining honeypots

[George Bakos <gbakos () ists dartmouth edu>]

Props to Richard for the broadest, yet still concise, definition thus far.
The only issue I see is the term "computer". This may further place limits
on the type of resources that may be positioned to best observe illicit
use. 

Is an optical switch, or a voicemail system a "computer resource?"
Instrumenting and deploying either of these could certainly be referred to
as honeypotting, no?

Perhaps: "A honeypot is an information system resource the value of which
lies in monitoring unauthorized or illicit use of that resource."

Cheers,
g

On Fri, 16 May 2003 16:31:34 -0400 (EDT)
"Richard.Salgado () usdoj gov" <Richard.Salgado () usdoj gov> wrote:

> In my world, the essence of a honeypot is much closer to the second
> option than the first. It is a system used to monitor unauthorized or
> illicit activity.  The definition needs to be broad enough to capture
> honeypots with a security-research goal as well as deployments aimed at
> other misuses of networks and data.  (I think Lance would like to be
> sure that the definition covers honey tokens as well).  Perhaps the we
> could combine the two definitions as follows:
>
> "A honeypot is a computer resource the value of which lies in monitoring
> unauthorized or illicit use of the resource."


-- 
George Bakos
Institute for Security Technology Studies - IRIA
Dartmouth College
gbakos () ists dartmouth edu
603.646.0665 -voice
603.646.0666 -fax