-
Misunderstanding. If an attacker is caught because of activities they did against a private citizen's or private corporation's honeypot, the attacker cannot use entrapment as a defence. If, however, the FBI or other law enforcement setup a honeypot, the potential is there. Quite often people assume that honeypot = entrapment, hence the reason why we don't see it. The reality is that the individuals setting it up must be in a law enforcement capacity for it to be close to entrapment.
Whether it is or not in the end, assuming it's set up by law enforcement, is a debate in the courts.
-
K lol so from what you told me i understand it now i think :D
but i bet thats not all honeypots do...(collect information that is) is it?
-
Act as a decoy and perform some intrusion detection but the primary function is information gathering. Remember that security is multiple layers. A honeypot is just one of those layers.
-
7 layers right...hmm i only know 2 lol.....honeypot and network...what are the other 5 layers then?
-
Depends on how much you are protecting and how $$ it will cost the company if it's stolen/broken into/etc. Generally, you'd use things like:
- firewall
- antivirus
- honeypot
- IDS
- logs
- auditing and testing
- patches/updates/fixes
- security policies
- procedures
- acceptable usage policies
- monitoring
- common sense
I'm sure I missed something. A few to all of these can be used, depending on resources, time and knowledge.
-
thats all for like big companies but for home computer security you should have...
-firewall
-antivirus
-monitoring
-logs
right? or am i missing something also? :D
-
An IDS (intrusion detectin system). You will find that many firewalls have some type of IDS built into them. It's just as easy to build a SNORT system and have that running (I have one on an old P100 with FreeBSD).
And you forgot common sense for the home user.
-
A nice one to add to the firewall & honeypot topic might be a tarpit. If you want to know what it is use google, because there's people who can tell you much better then me...
Short explenation: it's a deamon that can listen on all free ip adresses (on one switch because of the arp stuff so not the entire internet lol) and all free ports of those free adresses. All ports appear to be open and if for example a worm tryes to spread itself by connecting to a port or something, the deamon will keep the connection with the worm. The worm tryes to use it's onboard exploiting toolbox, but that doesn't affact the tarpit. It can slowdown worms because they stay connected until they get disconnected (wich they won't do themselves and the tarpit won't either)... they can stay stuck in the tarpit forever.
-
We have a thing here called the car bait program. It's a car that is left unlocked with the sole purpose of being stolen.
Legally the police are in a panic because the argument as to whether or not it is a form of entrapment, is hot topic. In the real world however, and IMO, opportunistic crime is still a crime. If an honest person sees a car that is unlocked with the keys in it he/she would attempt to find the owner or take some other responsible action rather than hop in and take off with it.
So I think Honeypots and bait programs [such as the one I mention] are a good thing.
The powers that be [that we put into power to begin with] think otherwise.
And before anyone says it, let me make it clear, honeypots ARE bait. Exploit scanners will pick them up in a heartbeat because of the pure nature of the honeypot and the pure nature of the exploit scanner. :-)
Kwi.
-
a honeypot is a pot full of honey.
this pot is usually a sort of container that looks like it can easily be broken or steal from. it's appearance can be very deceiving sometimes, and often tempting. you can find these pots decorated with gold linings and adored with sweet scent of delicious honey. you might not notice any difference if you compare this pot to any other pots, only that it is really tempting. sweet honey. so sweet.
you probably won't notice those thousand bees keeping careful watch of what's happening. They are very, very patient type of bees. they just take note of what people are doing on their honeypot. you know, people will take very little notice of bees watching if they see a very tempting pot of honey. so the bees can gather a lot of usefull information by keeping an eye on those people with honeythoughts on their mind.
sweet honey.
pot full of honey.
pot full of delicious sweet honey...
honeypots.
-jet
:D
