RE: Honeypot Defintion - Almost There, or a new path?

[Jon Price <jon () nytimes com>]

Hi,

While I understand the inference of "automated" as described below, the 
phrase "automated computer system" still sounds a bit redundant to me.  How 
about this modification:

"The automated detection of erroneous, unauthorized or illicit use of 
system resources."


Jon



At 06:56 PM 5/24/2003 -0500, John McCracken wrote:
> I too had a problem with monitoring that diminished with further
> enlightenment; however, "detect" by definition appears to better qualify and
> kudos to Bernie for the most comprehensive rendition yet. Reads like it came
> from a dictionary. :)
>
> Thanks!
> John McCracken
>
> -----Original Message-----
> From: Bernie, CTA [mailto:cta () hcsin net]
> Sent: Saturday, May 24, 2003 9:33 AM
> To: honeypots () securityfocus com
> Cc: Lance Spitzner
> Subject: Re: Honeypot Defintion - Almost There, or a new path?
>
>
> I feel Marc's perspective has merit.
>
> After pondering the definitions presented thus far, and while
> considering a simple technical definition of a Computer, i.e., "A
> device that receives, stores, processes, and presents data in
> response to commands", I suggest this definition:
>
> Honeypot:
> "An automated computer system for detecting erroneous,
> unauthorized or illicit use of system resources."
>
> As an old embedded system engineer, I decided to include
> the word "automated" as to infer the implicit use of 5 basic
> functions of automation:
> 1. Collection of Information
>
> 2. Communication of Information (man-machine, machine-
> machine)
>
> 3. Computation of Information  (data logging and data
> processing)
>
> 4. Control of Operations (both human and machine)
>
> 5. The logical coordination among the preceding four functions
>
> I use the word "detecting" to move away from the user
> application and *legal* usage, which may include "monitoring".
>
> I included the word "erroneous" to express that honeypots
> may also detect incidents which are not specifically
> unauthorized or illicit. For example, we deploy a honeypot as
> a security safeguard - When a legitimat User attempts to login
> to their website. However, after failing to correctly enter their
> password more than X times, the User triggers the security
> safeguard and is automatically redirected to the honeypot to
> detect if the incident is an erroneous action, unauthorized or
> illicit.
>
> I have used honeypots in this topology for some time and have
> foud the resource significantly beneficial in design, debug and
> enhancement of a systems functional utility as well as the
> user interface of web-based applications.
>
>
> Thoughts?
>
>
> On 23 May 2003, at 17:05, Marc Dacier wrote:
> >
> > Based on this "usage", is this "information system resource" a
> > honeypot ? I would tend to say yes but your definition leads me
> > to believe that you would say no.
> >
> > Can't we come up with a definition that does not take the usage
> > into account at all ?
> >
> > >Since this is the preferred option of the two, this is
> > >what we will go with.
> >
> > Mmmmm ... the least worst of the two 'definitions' does not
> > make a good one :-)
> >
> > Reactions, remarks ?
> >
> > Cheers,
> > Marc
> >
>
> On 23 May 2003, at 9:30, Lance Spitzner wrote:
>
> <snip>
>
>  "A honeypot is an information system resource who's
>     value lies in monitoring unauthorized or illicit use
>     of that resource"
>
>
>    "A honeypot is an information system resource who's
>     value lies in unauthorized or illicit use of that
>     resource"
>
> <snip>
>
> -
>
> -
> ****************************************************
> Bernie
> Chief Technology Architect
> Chief Security Officer
> cta () hcsin net
> Euclidean Systems, Inc.
> *******************************************************
> // "There is no expedient to which a man will not go
> //    to avoid the pure labor of honest thinking."
> //     Honest thought, the real business capital.
> //      Observe> Think> Plan> Think> Do> Think>
> *******************************************************