|
Honeypots
mailing list archives
Re: Honeypot Defintion - Almost There, or a new path?
From: "Bernie, CTA" <cta () hcsin net>
Date: Sat, 24 May 2003 10:32:32 -0400
I feel Marc's perspective has merit.
After pondering the definitions presented thus far, and while
considering a simple technical definition of a Computer, i.e., "A
device that receives, stores, processes, and presents data in
response to commands", I suggest this definition:
Honeypot:
"An automated computer system for detecting erroneous,
unauthorized or illicit use of system resources."
As an old embedded system engineer, I decided to include
the word "automated" as to infer the implicit use of 5 basic
functions of automation:
1. Collection of Information
2. Communication of Information (man-machine, machine-
machine)
3. Computation of Information (data logging and data
processing)
4. Control of Operations (both human and machine)
5. The logical coordination among the preceding four functions
I use the word "detecting" to move away from the user
application and *legal* usage, which may include "monitoring".
I included the word "erroneous" to express that honeypots
may also detect incidents which are not specifically
unauthorized or illicit. For example, we deploy a honeypot as
a security safeguard - When a legitimat User attempts to login
to their website. However, after failing to correctly enter their
password more than X times, the User triggers the security
safeguard and is automatically redirected to the honeypot to
detect if the incident is an erroneous action, unauthorized or
illicit.
I have used honeypots in this topology for some time and have
foud the resource significantly beneficial in design, debug and
enhancement of a systems functional utility as well as the
user interface of web-based applications.
Thoughts?
On 23 May 2003, at 17:05, Marc Dacier wrote:
Based on this "usage", is this "information system resource" a
honeypot ? I would tend to say yes but your definition leads me
to believe that you would say no.
Can't we come up with a definition that does not take the usage
into account at all ?
Since this is the preferred option of the two, this is
what we will go with.
Mmmmm ... the least worst of the two 'definitions' does not
make a good one :-)
Reactions, remarks ?
Cheers,
Marc
On 23 May 2003, at 9:30, Lance Spitzner wrote:
<snip>
"A honeypot is an information system resource who's
value lies in monitoring unauthorized or illicit use
of that resource"
"A honeypot is an information system resource who's
value lies in unauthorized or illicit use of that
resource"
<snip>
-
-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta () hcsin net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
 By Date 
By Thread
Current thread:
- Re: Honeypot Defintion - Almost There, or a new path? Bernie, CTA (May 24)
|
Intro
