In running a honeynet, a company needs to be careful
to ensure that it is not facilitating or helping further a
crime. Precautions and actions must be taken to prevent
potential or actual criminal activity from harming others;
to inform authorities when criminal activities or evidence
comes to light; and to ensure that the data, code, programs,
and systems running on the honeynet are legal
(e.g., do not store contraband on the system in an effort
to trap an intruder).
The primary purpose of a commercial honeynet is to
monitor and analyze intrusions and attacks. Under certain
circumstances, the monitoring of these activities may constitute
a criminal or civil action. In the United States, the
federal Wiretap Act and the Pen Register, Trap, and Trace
Devices statute place legal limits on monitoring activity.
The Wiretap Act makes it illegal to intercept the contents
of a communication. If intruders cannot store (either
directly or indirectly) data or information on a honeynet,
then the act does not apply. If they can, then there are
exceptions to the rule. For instance, if the monitoring is
done to prevent abuse of or damage to the system, then
the monitoring is not illegal. The implication is that certain
honeynet purposes and configurations are illegal and others
are not.