From: Bernie, CTA (cta@hcsin.net)
Date: Wed Feb 19 2003 - 19:27:38 EST
At first glance one would say that login banners are analogous
to someone putting a "do not trespass" sign out on their lawn.
However, there is a significant difference in that the person
attempting computer access could be using a legitimate auto
login program that prevents the user from seeing your banner.
Accordingly, I would imagine that a grounded legal argument
could be made to establish that the user was using an
automated tool and consequently in good faith did not know. In
my opinion, the weight of such an argument may be light but
effective in a civil litigation, it is probably sufficient to establish
reasonable doubt in a criminal prosecution.
>From a security point of view, my practice is not to use
banners on systems that could be accessed via public
networks, as doing so alerts a would be attacker that there may
be something valuable awaiting within. In addition, I believe that
using banners also elevate potential risks of system finger
printing or exploitation of the login program. Conversely, I do
believe in using banners on internal systems which state
something like "Only authorized users may attempt or login to
this system. Be aware that unauthorized login or attempts are a
violation of XYZ Computer Security Policy, and consequently
you may be terminated from employment, and/or civilly or
criminally prosecuted."
On 19 Feb 2003, at 16:37, Brearley, Kyle wrote:
> i work for a major bank and we use warning banners, login banners
> etc for that reason. it is possible for attackers to plead
> ignorance in that they were unaware they were on a system that
> prohibited unauthorized access. routers and the like should
> definitely have them. same goes for windows systems. it takes a
> matter of 2 minutes to set it up, it's like why not? better to be
> safe than sorry.
>
> KYLE
>
> -----Original Message-----
> From: Patrick Kingi [mailto:Patrick.Kingi@nz.logical.com]
> Sent: Monday, February 17, 2003 7:55 PM
> To: pen-test@securityfocus.com
> Subject: login banners
>
>
> Greetings all,
>
> It has been standard practice to ensure systems ensure their
> login banners warn the users that unauthorised access is not
> allowed, your activity may be logged etc...
>
> A client has asked if there is any evidence that this really
> matters. I heard a story once upon a time that a hacker did not
> get prosecuted because the login banner said something like
> "Welcome to your friendly neighborhood computer". Is this an
> urban legend?
>
> Does anyone have any evidence that the login banner has been used
> in court?
>
> Any help would be appreciated.
>
> regards,
> Patrick
>
>
> -----------------------------------------------------------------
> -----------
>
> Do you know the base address of the Global Offset Table (GOT) on
> a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core
>
>
> -----------------------------------------------------------------
> -----------
>
> Do you know the base address of the Global Offset Table (GOT) on
> a Solaris 8 box? CORE IMPACT does.
> http://www.securityfocus.com/core
>
>
>
-
-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta@hcsin.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
----------------------------------------------------------------------------
Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:28 EDT