I think this is one of the most overlooked items when putting machines, systems or applications on the wire. When we build, for example, a machine that will host web applications offered to the public via the Internet, to our business partners via an extranet, or for internal use only via an intranet, we tend to concentrate on auditing the source code to eliminate possible flaws, on open ports, on the services that need to run on the machine, on platform hardening and on many other things.

However, do we ever place warning banners on the main page of our web pages that require authentication? Examples are a web-based email login page, a business partners' login page, or a page for the general public when your organization offers web application services to them.

Why Warning Banners?

First of all, warning banners limit the users' presumption of privacy. Let's say you provide remote access services (ssh/rlogin/telnet/VPN) to your network so that your staff can work from remote places. It's a good practice that saves a lot of travel time and resource mobilization. But what if one day you detect that the machine providing remote access is behaving strangely, or you discover that some sensitive files have gone missing or been copied or transferred from the machine? As good security personnel you start your investigation: analyzing the logs, collecting evidence, scrutinizing the keylogger logs and working through the incident handling phases. After spending a few days on this, you have gathered all the necessary information and evidence to nail down the culprit.

Then you present the evidence to HR for further action. HR calls the culprit in, questions him about what he has done and decides that disciplinary action will be taken against him.

But then the culprit says,

“How do I know that what I’ve done is wrong? I have legitimate access to the machine, there’s no notice that says what I can or cannot do, in fact it says

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:...."

Btw I didn’t know that my activities on the machine would be recorded and monitored. I think you guys have intruded on my privacy and my rights on that machine.”

Kewl eh?

That’s why it is better to have a warning banner that makes the users aware of the policy for using those assets. A warning banner should inform the users that:

a) Only authorized activity, as permitted by the policy, is allowed on that particular machine or device.

b) Any abuse, unauthorized activity or unauthorized access will face civil or criminal penalties.

c) All activity will be monitored and recorded.

d) Any possible criminal activity or evidence recorded can be submitted to law enforcement for further action.

However, it is important that the wording you use in the warning banners is reviewed and endorsed by the legal department. Also ensure that this endorsement is in writing so that it can be kept on record.

There are many samples of these warning banners, covering both the content and the placement of the banner itself. Papers like the one available at unixwork.net titled “Login Warning Banners: A Discussion about Login/Warning Banners, Their Emplacement and Their Uses” discuss the placement of warning banners and their purpose, and of course it also provides a simple how-to for creating and placing these banners on Windows-based and Unix-based operating systems.
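One way to check the banner text a Unix host actually shows against points a) to d) above, as an added example that is not from this post or the unixwork.net paper. The keyword patterns and the function names `check_banner` and `sshd_banner_path` are assumptions; match the patterns to the wording your legal department has endorsed.

```shell
#!/bin/sh
# Added example: audit login banner text against points a) to d).
# The regexes are assumed keywords, not legal wording; adjust to your policy.

# _need LABEL REGEX: report and count an element the banner does not mention.
_need() {
    grep -Eiq "$2" "$banner_file" || { echo "MISSING: $1"; gaps=$((gaps + 1)); }
}

# check_banner FILE: prints findings, returns the number of gaps (0 = pass,
# 99 = file absent or empty, i.e. no banner is shown at all).
check_banner() {
    banner_file=$1
    gaps=0
    [ -s "$banner_file" ] || { echo "MISSING: no banner text in $banner_file"; return 99; }
    # The leading group stops "unauthorized activity" from satisfying a).
    _need "a) what use is authorized" \
        '(^|[^[:alpha:]])authori[sz]ed (use|personnel|activity)'
    _need "b) civil or criminal penalties" 'penalt|prosecut'
    _need "c) activity is monitored and recorded" 'monitor|record'
    _need "d) evidence may go to law enforcement" 'law enforcement'
    # A greeting works against the notice, like the motd quoted in the post.
    if grep -Eiq '^[[:space:]]*welcome' "$banner_file"; then
        echo "WARNING: banner greets the user with a welcome message"
        gaps=$((gaps + 1))
    fi
    return "$gaps"
}

# sshd_banner_path CONFIG: print the file named by sshd's Banner directive
# (first occurrence wins; "none" means no banner). Simplification: Match
# blocks and Include files are not followed.
sshd_banner_path() {
    awk 'tolower($1) == "banner" && tolower($2) != "none" { print $2 }
         tolower($1) == "banner" { exit }' "$1"
}

# Usage: sh banner_audit.sh /etc/issue.net /etc/motd
for f in "$@"; do
    echo "== $f"
    check_banner "$f" || echo "   result: $? (gap count, 99 = no banner)"
done
```

A keyword match only shows that a topic is mentioned; it does not replace the written legal review described above.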

So do your systems have Warning Banners?

One Response to “Do your systems have Warning Banners?”

  1. on 23 Jul 2008 at 1:10 pm Dekan

    Haha. I remember my networking lecturer used to remind us to set the warning banner, not a welcome banner. :)

    “Authorized personnel only. Trespasser will be prosecuted.”
