RE: Few questions about sp800-31 Nov 27 2006 07:48PM
Glenn Everhart chase com
Andrey -
The industry needs to use some other term than "honey pot" which suggests the
systems are possibly what is termed an "attractive nuisance", i.e., something
that attracts innocent passers-by to mess with it where they would not ordinarily
be inclined to do so. Calling them something more neutral like "fiducial test canary
boxes" or some such would not confuse legal folks.

The major problems that could arise would be if the fiducial test canary boxes
turned out to be jumping off points for further attacks. Someone might accuse their
operator of not using ordinary care to keep such boxes from becoming threats to
others, or so I imagine. The other issue could be that since the boxes are set up
to be invaded, the operator thereof can hardly claim damage from that invasion, and
some law enforcement folks might figure absent other invasions that they cannot make
much of a case.

Glenn Everhart

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed]
[mailto:listbounce (at) securityfocus (dot) com [email concealed]]On Behalf Of Kuznetsov A.N.
Sent: Monday, November 27, 2006 8:27 AM
To: honeypots (at) securityfocus (dot) com [email concealed]
Subject: Few questions about sp800-31

Hi list,
recently I have read sp800-31(NIST Special Publication on Intrusion Detection
System) and have some questions about it.

On page 28 they wrote about disadvantages of Honey Pots and Padded Cells
- The legal implications of using such devices are not well defined
What kind of problems with law can any have when using Honey Pot or Padded Cell?
The best thing I can guess that it can be some problems if IDS redirect legal
user to Padded Cell and he get wrong info.
- An expert attacker, once diverted into a decoy system, may become angry and
launch a more hostile attack against an organization?s systems.
How such sentences can be in official documents? Thinking in such way we should
disable all security mechanisms in order to not make attacker angry.

Sorry for my English^)
Best regards,
Kuznetsov Andrey pm_kan (at) mail (dot) ru [email concealed]

This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus