|
Honeypots
Moving forward with defintion of honeypots May 20 2003 03:23AM Lance Spitzner (lance honeynet org) (17 replies) Re: Moving forward with defintion of honeypots May 24 2003 04:47AM Bill McCarty (bmccarty apu edu) (1 replies) Re: Moving forward with defintion of honeypots May 24 2003 07:38PM Scarecrow (scarecrow runeweaver com) Honeypot Defintion - Almost There! May 23 2003 02:30PM Lance Spitzner (lance honeynet org) (6 replies) Re: Honeypot Defintion - Almost There! May 24 2003 02:29AM Erik S. Johansen (security sperling no) (1 replies) Re: Honeypot Defintion - Almost There! May 23 2003 03:58PM Jack McCarthy (lists jackmccarthy com) (1 replies) Re: Honeypot Defintion - Almost There! May 23 2003 03:05PM Marc Dacier (marc dacier eurecom fr) (2 replies) Re: Honeypot Defintion - Almost There! May 23 2003 02:48PM Volker Tanger (volker tanger discon de) (1 replies) Re: Honeypot Defintion - Almost There! May 23 2003 02:40PM Richard La Bella \(Florida Honeynet\) (richard sfhn org) Re: Moving forward with defintion of honeypots May 21 2003 06:36PM Chris Burton (cyberhiker99 yahoo com) RE: Moving forward with defintion of honeypots May 21 2003 08:37AM Fabien Pouget (Fabien Pouget eurecom fr) Re: Moving forward with defintion of honeypots May 21 2003 01:22AM Per Gustav Ousdal (pgo-ml ousdal com) Re: Moving forward with defintion of honeypots May 20 2003 09:37PM Graeme Thompson (gdthompson optushome com au) Re: Moving forward with defintion of honeypots May 20 2003 07:56PM David Goldsmith (dgoldsmith sans org) Re: Moving forward with defintion of honeypots May 20 2003 05:49PM Richard H. Cotterell (seec mail retina ar) Re: Moving forward with defintion of honeypots May 20 2003 05:06PM Jeremy Bennett (jeremy_f_bennett yahoo com) Re: Moving forward with defintion of honeypots May 20 2003 03:37PM Bernie, CTA (cta hcsin net) (1 replies) Re: Moving forward with defintion of honeypots May 20 2003 03:30PM Harish Pillay (harish maringotree com) Re: Moving forward with defintion of honeypots May 20 2003 02:36PM Richard La Bella \(Florida Honeynet\) (richard sfhn org) (1 replies) Re: Moving forward with defintion of honeypots May 20 2003 04:52PM Jeremy Bennett (jeremy_f_bennett yahoo com) Re: Moving forward with defintion of honeypots May 20 2003 02:24PM Christian Kreibich (christian whoop org) (1 replies) RE: Moving forward with defintion of honeypots May 20 2003 02:08PM John McCracken (john mccrackenassociates com) Re: Moving forward with defintion of honeypots May 20 2003 01:56PM Christian Kreibich (christian whoop org) Re: Moving forward with defintion of honeypots May 20 2003 01:46PM Etaoin Shrdlu (shrdlu deaddrop org) |
|
|
Privacy Statement |
two. However, and this may be capricious, but a question/concern for those
knowledgeable in the litigation arena; is "monitoring" by definition
sufficient to include an evidentiary collection of data or should
"monitoring and/or intercept" or just "intercept" be added to the mix?
May not matter for the purposes herein, but I've seen far less grind the
wheels of justice to a halt and I am curious what some of the legal minds
think as I can see a possible argument that monitoring, by definition, may
not embrace the act of collecting/seizing data like intercept would.
Thanks!
John McCracken
-----Original Message-----
From: Bernie, CTA [mailto:cta (at) hcsin (dot) net [email concealed]]
Sent: Tuesday, May 20, 2003 10:37 AM
To: Lance Spitzner; honeypots (at) securityfocus (dot) com [email concealed]
Subject: Re: Moving forward with defintion of honeypots
I would agree with mix / mod of Option A and B. However, I
believe that we should add the word security to the definition
in order to satisfy legal use or intent, and potential privacy
violation issues.
Considering that in most current Honeypot (decoy)
deployment topologies Users with honest intent may
unknowingly land upon the gates of a honeypot while
expecting privacy of their activities to be maintained, there
may be a risk of running afoul of certain privacy,
eavesdropping, wiretapping laws.
That is, directly monitoring/recording an individual's actions
without their permission could generally be considered
eavesdropping or wiretapping (at least here in the USA),
unless such monitoring/recording is performed by law
enforcement with a valid COURT ORDER, or unless such
monitoring/recording is performed as to protect the system
from unauthorized use and to ensure that the system is
functioning properly.
Furthermore, using a honeypot as a general decoy and
eavesdropping resource, may provide grounds for entrapment.
Therefore, I would suggest the a mix of A and B as follows:
"A honeypot is an information system security resource
whose value lies in being probed, attacked, or compromised,
which may contribute to the monitoring of unauthorized or
illicit use of that resource"
On 19 May 2003, at 22:23, Lance Spitzner wrote:
>...
> Honeypots do not solve a specific problem, they are a
> highly flexible tool with many different applications to
> security. This is one of the things that makes honeypots
> unique.
>
> Based on all the feedback we have been getting, I've
> narrowed this down into two options.
>
> Thoughts?
>
>
> OPTION A
> --------
> "A honeypot is an information system resource who's
> value lies in being probed, attacked, or compromised"
>
>
> OPTION B
> --------
> "A honeypot is an information system resource who's
> value lies in monitoring unauthorized or illicit use of
> that resource"
>
-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta (at) hcsin (dot) net [email concealed]
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
[ reply ]