Reading though my Cisco CCNP Firewall book I came across an interesting paragraph. It started to make me really think about my internet facing devices and other hosts.
Although various urban legends exist of hackers who were acquitted of penetrating
networks by courts who ruled that, because a management access banner used words
such as “welcome,” the organization had invited such access, no credible references to any
such court action exist. However, various attorneys seem to agree on the following guidelines
for what should definitely be included in a login banner: It must clearly identify which
organization owns the asset, so connecting users cannot claim they accidentally logged in
to the wrong network; it must clearly state that only authorized access is acceptable; it
should clearly state that a user should disconnect if not authorized; it should clearly state
what actions the organization will take in response to unauthorized access (generally, prosecution
to the full extent of the law); and, if actions taken during access are logged, the
banner must clearly state this, and that accessing the system provides both user acknowledgment
and acceptance of this fact. – CCNP Security : FIREWALL 642-617, Hucaby, Sequeira
I can think of a few devices which have out of date banners or none at all. Some do not state the owner of the device, who is authorized, and or actions taken in accordance to the law. It is interesting that such depth is covered ranging from access, should or shouldn’t you access this device and goes as far as stating if you are monitoring the said device.
Do you have a standard template? How far do you take banners/MOTD/logins? Leave a comment below and tell me what you think.