Honeypots mailing list archives
RE: Moving forward with defintion of honeypots
From: "John McCracken" <john () mccrackenassociates com>
Date: Tue, 20 May 2003 23:38:12 -0500
Bernie raises some very good points and I do like the suggested mix of the two. However, and this may be capricious, but a question/concern for those knowledgeable in the litigation arena; is "monitoring" by definition sufficient to include an evidentiary collection of data or should "monitoring and/or intercept" or just "intercept" be added to the mix? May not matter for the purposes herein, but I've seen far less grind the wheels of justice to a halt and I am curious what some of the legal minds think as I can see a possible argument that monitoring, by definition, may not embrace the act of collecting/seizing data like intercept would. Thanks! John McCracken -----Original Message----- From: Bernie, CTA [mailto:cta () hcsin net] Sent: Tuesday, May 20, 2003 10:37 AM To: Lance Spitzner; honeypots () securityfocus com Subject: Re: Moving forward with defintion of honeypots I would agree with mix / mod of Option A and B. However, I believe that we should add the word security to the definition in order to satisfy legal use or intent, and potential privacy violation issues. Considering that in most current Honeypot (decoy) deployment topologies Users with honest intent may unknowingly land upon the gates of a honeypot while expecting privacy of their activities to be maintained, there may be a risk of running afoul of certain privacy, eavesdropping, wiretapping laws. That is, directly monitoring/recording an individual's actions without their permission could generally be considered eavesdropping or wiretapping (at least here in the USA), unless such monitoring/recording is performed by law enforcement with a valid COURT ORDER, or unless such monitoring/recording is performed as to protect the system from unauthorized use and to ensure that the system is functioning properly. Furthermore, using a honeypot as a general decoy and eavesdropping resource, may provide grounds for entrapment. Therefore, I would suggest the a mix of A and B as follows: "A honeypot is an information system security resource whose value lies in being probed, attacked, or compromised, which may contribute to the monitoring of unauthorized or illicit use of that resource" On 19 May 2003, at 22:23, Lance Spitzner wrote:
... Honeypots do not solve a specific problem, they are a highly flexible tool with many different applications to security. This is one of the things that makes honeypots unique. Based on all the feedback we have been getting, I've narrowed this down into two options. Thoughts? OPTION A -------- "A honeypot is an information system resource who's value lies in being probed, attacked, or compromised" OPTION B -------- "A honeypot is an information system resource who's value lies in monitoring unauthorized or illicit use of that resource"
- **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> *******************************************************
Current thread:
- Re: Moving forward with defintion of honeypots, (continued)
- Re: Moving forward with defintion of honeypots Etaoin Shrdlu (May 20)
- Re: Moving forward with defintion of honeypots Christian Kreibich (May 20)
- RE: Moving forward with defintion of honeypots John McCracken (May 20)
- Re: Moving forward with defintion of honeypots Christian Kreibich (May 20)
- Re: Moving forward with defintion of honeypots Perraju (May 21)
- Re: Moving forward with defintion of honeypots Richard La Bella (Florida Honeynet) (May 20)
- Re: Moving forward with defintion of honeypots Jeremy Bennett (May 20)
- RE: Moving forward with defintion of honeypots Rick Hayes (May 20)
- Re: Moving forward with defintion of honeypots Harish Pillay (May 20)
- Re: Moving forward with defintion of honeypots Bernie, CTA (May 20)
- RE: Moving forward with defintion of honeypots John McCracken (May 20)
- Re: Moving forward with defintion of honeypots Jeremy Bennett (May 20)
- Re: Moving forward with defintion of honeypots Richard H. Cotterell (May 20)
- Re: Moving forward with defintion of honeypots David Goldsmith (May 20)
- Re: Moving forward with defintion of honeypots Graeme Thompson (May 20)
- Re: Moving forward with defintion of honeypots Per Gustav Ousdal (May 20)
- RE: Moving forward with defintion of honeypots Fabien Pouget (May 21)
- Honeypot Defintion - Almost There! Lance Spitzner (May 23)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
- Re: Honeypot Defintion - Almost There! Tora (May 23)
- Re: Honeypot Defintion - Almost There! Richard La Bella (Florida Honeynet) (May 23)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
(Thread continues...)