This preview shows page 1. Sign up to view the full content.
Unformatted text preview: she will go right to the honeypot instead of the systems
that are actual production machines. The attacker will be enticed to go to the honeypot
system because it has many open ports and services running and exhibits vulnerabilities that the attacker would want to exploit. The company can log the attacker’s actions
and later attempt to prosecute.
The action in the preceding example is legal unless the company crosses the line to
entrapment. For example, suppose a web page has a link that indicates that if an individual clicks it, she could then download thousands of MP3 files for free. However,
when she clicks that link, she is taken to the honeypot system instead, and the company
records all of her actions and attempts to prosecute. Entrapment does not prove that the
suspect had the intent to commit a crime; it only proves she was successfully tricked. Interviewing and Interrogating
Once surveillance and search and seizure activities have been performed, it is very likely that suspects must be interviewed and interrogated. However, interviewing is both an
art and a science, and the interview should be conducted by a properly trained professional. Even then, the interview may only be conducted after consultation with legal
counsel. This doesn’t, however, completely relieve you as an information security professional from responsibility during the interviewing process. You may be asked to
provide input or observe an interview in order to clarify technical information that
comes up in the course of questioning. When this is needed, there should be one person in charge of the interview or interrogation, with one or two others present. Both the
topics of discussion and the questions should be prepared beforehand and asked in a
systematic and calm fashion, because the purpose of an interrogation is to obtain evidence for a trial.
The employee interrogator should be in a position that is senior to the employee
suspect. A vice president is not going to be very intimidated or willing to spill his guts
to the mailroom clerk. The interrogation should be held in a private place, and the
suspect should be...
View Full Document
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
- Fall '12