Andrey -

The industry needs to use some other term than "honey pot" which suggests the systems are possibly what is termed an "attractive nuisance", i.e., something that attracts innocent passers-by to mess with it where they would not ordinarily be inclined to do so. Calling them something more neutral like "fiducial test canary boxes" or some such would not confuse legal folks.

The major problems that could arise would be if the fiducial test canary boxes turned out to be jumping off points for further attacks. Someone might accuse their operator of not using ordinary care to keep such boxes from becoming threats to others, or so I imagine. The other issue could be that since the boxes are set up to be invaded, the operator thereof can hardly claim damage from that invasion, and some law enforcement folks might figure absent other invasions that they cannot make much of a case.

Glenn Everhart

-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On Behalf Of Kuznetsov A.N.
Sent: Monday, November 27, 2006 8:27 AM
To: honeypots securityfocus.com
Subject: Few questions about sp800-31

Hi list,

Recently I have read sp800-31 (NIST Special Publication on Intrusion Detection Systems) and have some questions about it.

On page 28 they wrote about disadvantages of Honey Pots and Padded Cells:

- The legal implications of using such devices are not well defined

What kind of problems with the law can anyone have when using a Honey Pot or Padded Cell? The best I can guess is that there can be some problems if the IDS redirects a legal user to a Padded Cell and he gets wrong info.

- An expert attacker, once diverted into a decoy system, may become angry and launch a more hostile attack against an organization’s systems.

How can such sentences be in official documents? Thinking in such a way, we should disable all security mechanisms in order to not make the attacker angry.

Sorry for my English^)

--
Best regards,
Kuznetsov Andrey pm_kan mail.ru