Warning Banners

Mr BigMr Big Member Posts: 47 ■■□□□□□□□□
Hi all,

Anyone have any examples or good idea's on warning banners? Just want to get an overview of a standard banner to use on all our routers, if anyone can post some samples it would help alot, thanks!

Comments

  • DirtySouthDirtySouth Member Posts: 314 ■□□□□□□□□□
    Maybe this will help:
    Examples:
    Make sure every router has an appropriate warning banner that includes wording that states:

    The router is for authorized personnel only.

    The router is for official use only.

    Users have no expectations of privacy.

    All access and use may (not will) be monitored and/or recorded.

    Monitoring and/or recording may be turned over to the appropriate authorities.

    Use of the system implies consent to the previously mentioned conditions.

    Suggested Rules:
    Make sure the banner does not say Welcome anywhere in it.

    Make sure the banner does not include any identifying information relating to the router, the administrators, or the organization running the router.

    Check local legal requirements to make sure the banner contains all necessary language and content.

    Use the banner login command to display the banner every time a user attempts to log in.

    Use the banner exec command to display the banner a second time every time a user starts an EXEC or shell prompt.
  • forbeslforbesl Member Posts: 454
    "THIS IS A (Name of Company) COMPUTER SYSTEM. THIS COMPUTER
    SYSTEM, INCLUDING ALL RELATED EQUIPMENT, NETWORKS AND NETWORK DEVICES
    (SPECIFICALLY INCLUDING INTERNET ACCESS), ARE PROVIDED ONLY FOR
    AUTHORIZED USE. (Name of Company) SYSTEMS MAY BE MONITORED
    FOR ALL LAWFUL PURPOSES, INCLUDING TO ENSURE THAT THEIR USE IS
    AUTHORIZED, FOR MANAGEMENT OF THE SYSTEM, TO FACILITATE PROTECTION
    AGAINST UNAUTHORIZED ACCESS, AND TO VERIFY SECURITY PROCEDURES,
    SURVIVABILITY AND OPERATIONAL SECURITY. MONITORING INCLUDES ACTIVE
    ATTACKS BY AUTHORIZED COMPANY ENTITIES TO TEST OR VERIFY THE SECURITY OF
    THIS SYSTEM. DURING MONITORING, INFORMATION MAY BE EXAMINED,
    RECORDED, COPIED AND USED FOR AUTHORIZED PURPOSES. ALL INFORMATION,
    INCLUDING PERSONAL INFORMATION, PLACED ON OR SENT OVER THIS SYSTEM MAY
    BE MONITORED.

    USE OF THIS (Name of Company) SYSTEM, AUTHORIZED OR UNAUTHORIZED,
    CONSTITUTES CONSENT TO MONITORING OF THIS SYSTEM. UNAUTHORIZED USE
    MAY SUBJECT YOU TO CRIMINAL PROSECUTION. EVIDENCE OF UNAUTHORIZED USE
    COLLECTED DURING MONITORING MAY BE USED FOR ADMINISTRATIVE, CRIMINAL
    OR OTHER ADVERSE ACTION. USE OF THIS SYSTEM CONSTITUTES CONSENT TO
    MONITORING FOR THESE PURPOSES."
  • D-boyD-boy Member Posts: 595 ■■□□□□□□□□
    Warning Banners
    In some jurisdictions, civil and criminal prosecution of crackers who break into your systems is made much easier if you provide a banner that informs unauthorized users that their use is unauthorized. In other jurisdictions, you can be forbidden to monitor the activities of even unauthorized users unless you have taken steps to notify them of your intent. One method to provide this notification is to put it into a banner message configured with the Cisco IOS banner login command.

    Legal notification requirements are complex, and vary in each jurisdiction and situation. Even within jurisdictions, legal opinions vary, and this issue should be discussed with your own legal counsel. In cooperation with counsel, you must consider what information is put into your banner:

    A notice that the system is to be logged in to or used only by specifically authorized personnel, and perhaps information about who can authorize use.

    A notice that any unauthorized use of the system is unlawful, and can be subject to civil and/or criminal penalties.

    A notice that any use of the system can be logged or monitored without further notice, and that the resulting logs can be used as evidence in court.

    Specific notices required by specific local laws.

    From a security, rather than a legal point of view, your login banner must not contain any specific information about your router, its name, its model, what software it runs, or who owns it. This information can be abused by crackers.
  • ArturasjArturasj Member Posts: 24 ■□□□□□□□□□
    WARNING! Access to this device is restricted to those individuals with specific
    Permissions. If you are not an authorized user, disconnect now.
    Any attempts to gain unauthorized access will be prosecuted to
    the fullest extent of the law
  • ebykmebykm Member Posts: 29 ■□□□□□□□□□
    unfortunately, none of the my routers (26xx and 25xx) can display banners that looooooong. Is there any special command for such loooooong banners ?. Thanks
  • DirtySouthDirtySouth Member Posts: 314 ■□□□□□□□□□
    WARNING: Mess wit' my shat & you die!
  • ArturasjArturasj Member Posts: 24 ■□□□□□□□□□
    My example above is taken from my PIX at work, I've just tried to use it on my routers at home, but the 2500 wouldn't take it. But I remember from my CCNA studies that there are certain rules for the banners and it's possible to do quite big over several lines.

    Anyway check this out. Telnet to: towel.blinkenlights.nl
    This is the best banner I've ever seen.
  • CIREZCIREZ Member Posts: 3 ■□□□□□□□□□
    That was definitely one of the coolest banners I'd ever seen Arturasj!

    I just showed all the network and server guys here at work....
    Can't go wrong with that banner!
  • davidspirovalentinedavidspirovalentine Member Posts: 353 ■■■■□□□□□□
    What an old post :) I am using the warning from Arturasj above.

    Great stuff :)
    Failure is a stepping stone to success...
Sign In or Register to comment.