At first glance one would say that login banners are analogous
to someone putting a "do not trespass" sign out on their lawn.
However, there is a significant difference in that the person
attempting computer access could be using a legitimate auto
login program that prevents the user from seeing your banner.
Accordingly, I would imagine that a grounded legal argument
could be made to establish that the user was using an
automated tool and consequently in good faith did not know. In
my opinion, the weight of such an argument may be light but
effective in a civil litigation; it is probably sufficient to establish
reasonable doubt in a criminal prosecution.
From a security point of view, my practice is not to use
banners on systems that could be accessed via public
networks, as doing so alerts a would-be attacker that there may
be something valuable awaiting within. In addition, I believe that
using banners also elevates potential risks of system
fingerprinting or exploitation of the login program. Conversely, I do
believe in using banners on internal systems which state
something like "Only authorized users may attempt or login to
this system. Be aware that unauthorized login or attempts are a
violation of XYZ Computer Security Policy, and consequently
you may be terminated from employment, and/or civilly or
criminally prosecuted."
On 19 Feb 2003, at 16:37, Brearley, Kyle wrote:
> i work for a major bank and we use warning banners, login banners
Bernie
Chief Technology Architect
Chief Security Officer
cta@hcsin.net
Euclidean Systems, Inc.
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
Received on Wed Feb 19 22:59:44 2003