Honeypots mailing list archives
RE: Moving forward with definition of honeypots
From: "Gaydosh, Adam" <GaydoshA () ctcgsc org>
Date: Tue, 20 May 2003 16:57:44 -0400
"A honeypot is a information system resource that isolates malicious activity." Tried to keep it simple without being overly ambiguous, so that 'isolates malicious activity' is of sufficiently high-level to encompass the various honey technologies accurately, without being bogged down by the probable actions of the operator to those responses, or the credentials of the user. Also, I like many of the other proposals, but in there effort not to pigeon-hole honeypot usage, they seem equally applicable to other security resources (e.g. "A firewall/IDS/honeypot is an information system resource who's value lies in being probed, attacked, or compromised" is not incorrect), so I was trying to be more discrete..what do ya'll think? -adam
-----Original Message----- From: David Goldsmith [mailto:dgoldsmith () sans org] Sent: Tuesday, May 20, 2003 3:56 PM To: honeypots () securityfocus com Subject: Re: Moving forward with defintion of honeypots On Monday 19 May 2003 23:23, Lance Spitzner wrote: I would say that option A is best. The 'honeypot', whether it is one real or virtual system, or a network of systems, is the resource that is made available to be probed, attacked and/or compromised. It is NOT necessarily the component that does the monitoring of traffic or that provides control over traffic to/from the honeypot. David GoldsmithOPTION A -------- "A honeypot is an information system resource who's value lies in being probed, attacked, or compromised" OPTION B -------- "A honeypot is an information system resource who's value lies in monitoring unauthorized or illicit use of that resource"
Current thread:
- RE: Moving forward with definition of honeypots Freilich, Robert (May 20)
- <Possible follow-ups>
- RE: Moving forward with definition of honeypots Gaydosh, Adam (May 20)
- RE: Moving forward with definition of honeypots David Watson (May 21)