CHAPTER 6
Warning Banners

This chapter is short, but very important. Every router should have an appropriate warning banner for all login access. These banners, however, are often thought of as pure fluff by those technically inclined. How could a warning banner serve as any protection against a hacker? What hacker is going to go away because a warning banner tells him to? It is important to remember that warning banners are not implemented to provide technical protection. They provide legal protection.

Legal Issues

Because many technicians see warning banners as worthless in the prevention of hack attacks, most systems have no banners. Even if management requires that banners be put in place, most administrators don't understand what a banner should say to provide legal protection, so even systems that have banners often include ineffectual ones.

A good warning banner has four main goals. It needs to:

  Be legally sufficient for prosecution of intruders
  Shield administrators from liability
  Warn users about monitoring or recording of system use
  Not leak information that could be useful to an attacker

Each banner should address the following issues:

Authorized users only
The banner should specify that this system is for authorized users only. This specification keeps a hacker from claiming ignorance.
While not the most effective legal strategy, with the novelty of computers and lack of case law, prosecutors are concerned enough about it that it should be included in every banner.

Official work
In addition to restricting the system to authorized users, the banner should state that the system is to be used for official work only. This statement closes the loophole of an authorized user attempting unauthorized activities.

No expectation of privacy
Every banner should explicitly state that there is no expectation of privacy when using the system. This statement is extremely .
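The checklist above can be turned into a configuration audit. The following is an added example, not code from the book: it pulls the banner blocks out of a router configuration and reports which of the listed statements are missing and which identifying details the banner reveals. It assumes the IOS `banner <type> <delimiter>` configuration syntax; the phrase patterns, the leak terms and both sample configurations are constructed for illustration.

```python
import re

# Assumed patterns for the statements listed above; match them to your approved wording.
REQUIRED = {
    "authorized users only": r"\bauthori[sz]ed\b",
    "official work only": r"\bofficial\b",
    "no expectation of privacy": r"\bno\s+expectation\s+of\s+privacy\b",
    "monitoring or recording": r"\b(monitor|record)(ed|ing)?\b",
}
# Assumed examples of details a banner should not reveal (vendor and OS names).
LEAK_RE = re.compile(r"\b(cisco|ios)\b", re.I)
# 'banner <type> <delim> text <delim>'; saved configs show the delimiter as ^C.
BANNER_RE = re.compile(r"^banner\s+(\w+)\s+(\^C|\S)(.*?)\2", re.M | re.S)

def audit_banner(text, hostname=None):
    """Return (missing statements, leaked terms) for one banner's text."""
    missing = [n for n, pat in REQUIRED.items() if not re.search(pat, text, re.I)]
    leaks = [m.group(0) for m in LEAK_RE.finditer(text)]
    if hostname and hostname.lower() in text.lower():
        leaks.append(hostname)  # the device's own name is identifying detail
    return missing, leaks

def audit_config(config):
    """Map each banner type found in a router config to its audit result."""
    host = re.search(r"^hostname\s+(\S+)", config, re.M)
    hostname = host.group(1) if host else None
    return {m.group(1): audit_banner(m.group(3).strip(), hostname)
            for m in BANNER_RE.finditer(config)}

# Constructed sample configs (not from the book).
WEAK = """hostname edge-rtr-01
banner motd #Welcome to edge-rtr-01, Cisco 2600 running IOS 12.2#
"""
GOOD = """hostname edge-rtr-01
banner login ^C
This system is for authorized users and official work only.
There is no expectation of privacy. All use may be monitored and recorded.
^C
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("GOOD", GOOD)):
        for kind, (missing, leaks) in audit_config(cfg).items():
            print(name, kind, "missing:", missing, "leaks:", leaks)
```

An empty result from `audit_config` means the configuration defines no banner at all, which is itself a finding. A clean pattern match does not make a banner legally sufficient; the wording still needs legal review.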