Howdy globalnoc-ga,
A reminder of the "Important Disclaimer: Answers and comments provided on
Google Answers are general information, and are not intended to substitute
for informed professional medical, psychiatric, psychological, tax, legal,
investment, accounting, or other professional advice."
To start off with, even Cisco indicates this is a complex subject, and one
where you will want to discuss it all with your legal counsel.
http://www.cisco.com/warp/public/707/21.html#warning
"In some jurisdictions, civil and/or criminal prosecution of crackers who
break into your systems is made much easier if you provide a banner
informing unauthorized users that their use is in fact unauthorized. In
other jurisdictions, you may be forbidden to monitor the activities of
even unauthorized users unless you have taken steps to notify them of your
intent to do so.
...
Legal notification requirements are complex, and vary in each jurisdiction
and situation. Even within jurisdictions, legal opinions vary, and this
issue should be discussed with your own legal counsel."
Discussions abound on whether or not to identify or post any detail about
the company on router, etc. login banners. Keeping that in mind, here are
some example banners.
Unauthorized access prohibited
Authorized access only
This system is the property of [YOUR COMPANY NAME]
Disconnect IMMEDIATELY if you are not an authorized user!
Contact [COMPANY EMAIL - COMPANY PHONE NUMBER] for help.
Here is one modified from this Department of Energy Computer Incident
Advisory Capability (CIAC) web page.
http://ciac.llnl.gov/ciac/bulletins/j-043.shtml
NOTICE TO USERS
THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may
be intercepted, monitored, recorded, copied, audited, inspected,
and disclosed to authorized site and law enforcement personnel,
as well as authorized officials of other agencies, both domestic
and foreign. By using this system, the user consents to such
interception, monitoring, recording, copying, auditing, inspection,
and disclosure at the discretion of authorized site personnel.
Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal penalties.
By continuing to use this system you indicate your awareness of and
consent to these terms and conditions of use. LOG OFF IMMEDIATELY
if you do not agree to the conditions stated in this warning.
A few from a Seclists.Org Security Mailing List Archive posting.
http://seclists.org/lists/pen-test/2003/Feb/0129.html
-------------
W A R N I N G
-------------
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system including all related equipment, network devices
(specifically including Internet access), are provided only for
authorized use.
All computer systems may be monitored for all lawful purposes, including
to ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
procedures, survivability and operational security.
Monitoring includes active attacks by authorized personnel and their
entities to test or verify the security of the system. During monitoring,
information may be examined, recorded, copied and used for authorized
purposes.
All information including personal information, placed on or sent over
this system may be monitored. Uses of this system, authorized or
unauthorized, constitutes consent to monitoring of this system.
Unauthorized use may subject you to criminal prosecution. Evidence of
any such unauthorized use collected during monitoring may be used for
administrative, criminal or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.
WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored if unauthorized usage is suspected.
A review of the following Department of Justice Computer Crime and
Intellectual Property Section (CCIPS) article would help you as well.
"Sample Network Banner Language"
http://www.cybercrime.gov/s&sappendix2002.htm
"Network banners are electronic messages that provide notice of legal
rights to users of computer networks. From a legal standpoint, banners
have four primary functions."
The above article has several examples of login banner language and
legal references, etc.
Here is an interesting white paper by Bob Radvanovsky on the subject,
with samples as well, presented on his Unixworks.net website.
"Whitepaper: Login Warning Banners"
http://www.unixworks.net/papers/wp-007.pdf
"A Discussion about Login/Warning Banners, Their Emplacements and
Their Uses"
If you need any clarification, please feel free to ask.
If you do the below search on Google, it produces more information
on the subject, that might be of help.
Search strategy:
Google search on: login banner legal
://www.google.com/search?q=login+banner+legal
Looking Forward, denco-ga - Google Answers Researcher |