RE: login banners

From: Brearley, Kyle (KBrearley@chittenden.com)
Date: Wed Feb 19 2003 - 16:37:26 EST


i work for a major bank and we use warning banners, login banners etc for that reason. it is possible for attackers to plead ignorance in that they were unaware they were on a system that prohibited unauthorized access. routers and the like should definitely have them. same goes for windows systems. it takes a matter of 2 minutes to set it up, it's like why not? better to be safe than sorry.

KYLE

-----Original Message-----
From: Patrick Kingi [mailto:Patrick.Kingi@nz.logical.com]
Sent: Monday, February 17, 2003 7:55 PM
To: pen-test@securityfocus.com
Subject: login banners

Greetings all,

It has been standard practice to ensure systems ensure their login banners
warn the users that unauthorised access is not allowed, your activity may be
logged etc...

A client has asked if there is any evidence that this really matters. I
heard a story once upon a time that a hacker did not get prosecuted because
the login banner said something like "Welcome to your friendly neighborhood
computer". Is this an urban legend?

Does anyone have any evidence that the login banner has been used in court?

Any help would be appreciated.

regards,
Patrick

----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core

----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:28 EDT