- Entrapment and Enticement:
- Entrapment (Illegal and unethical):
- When someone is persuaded to commit a crime they had no intention to commit and is then charged with it.
- Openly advertising sensitive data and then charging people when they access them.
- Entrapment is a solid legal defense.
- Enticement (Legal and ethical):
- Making committing a crime more enticing, but the person has already broken the law or at least has decided to do so. Honeypots can be a good way to use Enticement.
- Have open ports or services on a server that can be attacked.
- Enticement is not a valid defense.
- Entrapment (Illegal and unethical):
- If there is a gray area in some cases between entrapment and enticement and it is ultimately up to the jury to decide if it was one or the other.
Check with your legal department and get senior management approval before deploying honeypots or honey-nets.
They pose both legal and practical risks.