Marc Dacier wrote:

> I'll be a little bit provocative ... no offense please,
> I'm trying to get things moving :-}

I hope you'll accept this response in the same spirit.

> For instance, suppose that I install a honeypot behind my
> firewall where it should -hopefully- see nothing. I don't
> want to use that honeypot to monitor anything but, instead,
> to be a simplistic intrusion detection system. My policy
> states that, as soon as a single packet reaches the honeypot,
> my network must be disconnected from the internet because
> something is wrong with the firewall (ok, it's a silly
> example and a rather stupid reaction but bare with me :-) ).
>
> Based on this "usage", is this "information system resource"
> a honeypot ? I would tend to say yes but your definition
> leads me to believe that you would say no.

If all you use the system for is a *tripwire*, I can only see
one value-add in calling it a "honeypot": You may need to get
funding approval from someone whose whole knowledge of honeypots
is that "they're the latest cool security technology". That's
a purely local problem, not something the rest of the
world has to cope with....

Based on your usage above, I'd say that the definition you're
really suggesting is something like

A honeypot is an information resource that incorporates
elements whose creators intended them to be used as part
of something called a "honeypot", regardless of how that
resource is actually used in any particular instance.

A functional definition can only really be based on one or both
of two criteria:

(a) what it does

(b) what we do with it

If you cut away those supports, then it just means what the speaker
chooses it to mean at any given moment.

David Gillett

[ reply ]