Re: Logon Banners

From: Hugo van der Kooij (hvdkooij@vanderkooij.org)
Date: 03/23/02 

Date: Sat, 23 Mar 2002 10:12:44 +0100 (CET)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: Incidents Mailing List <incidents@securityfocus.com>

On Sat, 23 Mar 2002, leon wrote:

> There is a thread going on, on the sf-basics list about logon banners
> and legalities. The general consecutions seems to be one of two
> groups of thought; 1) If you put welcome in your logon on banner
> this could make you legally responsible if you are attacked (meaning
> the attacker can say, "well it said welcome".) 2) This is an urban
> legend and not really true.
>
> My question is can anyone provide links showing that there have been
> court cases decided upon this? I found a reference in one of my
> cisco design books but it does not provide links or any other
> cross-reference.

Well a good link may be: http://www.ciac.org/ciac/bulletins/j-043.shtml

Stating:

A requirement for successfully prosecuting those unauthorized users who
improperly use a government computer is that the computer must have a
warning banner displayed at all access points. That banner must warn
authorized and unauthorized users
  1) about what is considered the proper use of the system,
  2) that the system is being monitored to detect improper
     use and other illicit activity,
  3) that there is no expectation of privacy while using
     this system.
The technical details for implementing banners is dependent on the
particular operating system and access point.

Hugo. 

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij@vanderkooij.org		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com