Re: login banners

I to do this day cannot believe the law has not matured on this issue.

Questions to ponder....

If I put a welcome mat in front of front door does that give an individual to come into my home? With this analogy should warning banner really matter? Do in need to put my warning banners in multiple languages? To many issues here.

If a user is properly indoctrinated into the information system are banners truly needed. Ahhh... The IA hope for commonality in user awareness training throughout the private, government, international sectors. How about taking a test before receiving a modem, dsl etc connection in your home? Its amazing the amount of licenses we must receive with other items (Driving, Hunting Fishing etc...) why not this?

Still yet, I use Warning Banners on all information systems that have the capability to support a banner (web, servers, clients, routers, switches etc.)

As far as monitoring... If I put a surveillance (IDS) system around my home is this illegal? Must I place a notification? Help me on this issue because frankly I am ignorant on this one.

ECPA rules are fair and should be adhered to. There is measurable business case for this in addition to the privacy\law issues.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I have been fairly brief in my statements because I know all reading this are smart folks and can take the next step.

The law needs to grow up and get with it. I am not a lawyer by any means.

Simplicity in work here.

Respectfully
Ron Mehring
Information Assurance
USMC

• Original Message ----- From: "Bob Radvanovsky" <rsradvan@unixworks.net> To: "Patrick Kingi" <Patrick.Kingi@nz.logical.com> Cc: <pen-test@securityfocus.com> Sent: Wednesday, February 19, 2003 5:16 PM Subject: Re: login banners

> See replies and/or URL posting for additional information.
and
> Web surfing.
regular
> course of their duties. So it seems to me that the policy aspect becomes
they
> do stumble across criminal activity; in that case, another set of policies
modified
> a little bit, so if you use this banner, you should: (1) check with the IT
use.
> All computer systems may be monitored for all lawful purposes, including
to
> ensure that their use is authorized, for management of the system, to
by
> authorized personnel and their entities to test or verify the security of
the
> system. During monitoring, information may be examined, recorded, copied
and
> used for authorized purposes. All information including personal
information,
> placed on or sent over this system may be monitored. Uses of this system,
system.
> Unauthorized use may subject you to criminal prosecution. Evidence of any
such
> unauthorized use collected during monitoring may be used for
administrative,
> criminal or other adverse action. Use of this system constitutes consent
to
> monitoring for these purposes."
your
> actions may be monitored if unauthorized usage is suspected."
you
> are protected.
legal
> institution, agency, and/or representative thereof. I am not an attorney,
banners
> >warn the users that unauthorised access is not allowed, your activity may
be
> >logged etc...
> >
> >A client has asked if there is any evidence that this really matters. I
> >heard a story once upon a time that a hacker did not get prosecuted
because
> >the login banner said something like "Welcome to your friendly
neighborhood
> >computer". Is this an urban legend?
> >
> >Does anyone have any evidence that the login banner has been used in
court?
> >
> >Any help would be appreciated.
> >
> >regards,
> >Patrick
> >
> >
>
>---------------------------------------------------------------------------
-
> >
> >Do you know the base address of the Global Offset Table (GOT) on a
Solaris 8
> >box?

--

>

> Do you know the base address of the Global Offset Table (GOT) on a Solaris


8

> box?

> CORE IMPACT does.




----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core