Legal issues of honeynet’s generations

Article

Authors: Pavol Sokol

Abstract

Honeynets have now become a standard part of security measures within organizations. Their purpose is to protect critical information systems and information; this is complemented by the acquisition of information about network threats, attackers and attacks. It is very important to consider the issues affecting the deployment and usage of honeypots and honeynets. This paper discusses the legal issues of honeynets with regard to their generations. The paper focuses on the legal issues of the core elements of honeynets, especially data control, data capture and data collection. It also draws attention to the issues pertaining to privacy and liability. The analysis of legal issues is based on EU law and is supplemented by a review of the research literature related to the legal aspects of honeypots and honeynets.

Introduction

In the contemporary information society there is a security gap between the ability to secure information systems, computer networks etc. and the actual level of security. This is the reason for finding new ways of protecting the critical infrastructure of organizations. One of the relatively new approaches to securing information and information system infrastructure is the concept of honeypots and honeynets.

In 2003, a public forum of over 5,000 security professionals defined the term honeypot as “an information system resource whose value lies in unauthorized or illicit use of that resource” [1]. It can also be defined as “a computing resource, whose value is in being attacked” [2]. Honeypots are a very useful framework for learning about the targets, procedures, tools and methods of attackers.

A honeynet extends “the concept of a single honeypot to a highly controlled network of honeypots” [3]. It consists of four core elements, which are described below [2], [4].

Data control is the first requirement. Its purpose is to control the activities of attackers. This is the most important element and it has a high priority in the implementation of a honeynet [5]. This core element may reduce the risk of abuse of the honeynet by attackers.

Data capture is the second element, which monitors and logs all of the activities of an attacker within the honeynet. It captures attackers’ information, including inbound and outbound activity.

Data collection is the third of the core elements. If an organization deploys a single honeynet, this part of the honeynet isn’t needed. Data collection is necessary when an organization deploys or manages more than a single honeynet. The purpose of this element is to capture and collect any information from multiple honeypots and honeynets in one place.

Data analysis is the part of a honeynet that analyses the data collected from it. This element of the honeynet is used for analysing and tracking attacks and understanding harmful activities [2].

The deployment and usage of honeynets bring with them numerous problems and issues. This paper outlines the legal issues affecting the deployment and usage of honeynets in all generations of honeynets. The legal analysis is based on European Union law. From an interdisciplinary perspective, the relation between law and technology offers a wide array of problems to be dealt with. In this paper, the legal issues surrounding honeynets are discussed in the context of risks and various solutions, along with the issues that arise, some of which are more complex and offer inspiration for further research and legal debate.

There are two main contributions of this paper. The first is a review of the research literature related to the legal aspects of honeypots and honeynets. The second is a legal analysis of the generations of honeynets from the perspective of European Union law (EU law). In this part of the paper we focus on the legal issues of the core elements of honeynets.