|
CIAC Advisory number A- 22
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
________________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY
CIAC
INFORMATION BULLETIN
________________________________________________________________________
Logon Messages and Hacker/Cracker Attacks
March 16, 1990, 1200 PST Number A-22
CIAC has published several recent information bulletins and advisory notices
about hacker/cracker attacks on computers connected to the Internet. This
bulletin suggests a strategy for your site that is important for legal reasons.
In addition, this strategy may help deter some hacking activity.
In many systems a logon screen is displayed during or before the time the user
is asked to enter a user name and password. Sometimes this screen contains a
message which welcomes the potential user to the system. Court cases involving
unauthorized use of computing systems may be thrown out because a welcoming
message was initially displayed. We strongly recommend, therefore, that (when
feasible to implement) every machine at your site should display a warning
message before or during the logon sequence, and that all phrases suggesting
that users are welcome to use the system be removed. An example of a warning
message is the following:
WARNING: Unauthorized access to this computer system is prohibited, and
is subject to criminal and civil penalties.
This type of warning message may also discourage casual hackers from intruding
into a system.
If feasible to implement, it is also important to display to users any failed
logon attempts on their account, and to inform users who they should contact if
their account was probed or accessed by someone else. Finally, we recommend
that the logon screen should advise users to logout when they are through with a
session or when they leave their terminal.
For additional information or assistance, please contact CIAC:
Eugene Schultz
(415) 422-8193 or (FTS) 532-8193
FAX: (415) 423-0913 or (415) 422-4294
You may also send e-mail to:
[email protected]
Neither the United States Government nor the University of California nor any of
their employees, makes any warranty, expressed or implied, or assumes any legal
liability or responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use would not
infringe privately owned rights. Reference herein to any specific commercial
products, process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the University of
California. The views and opinions of authors expressed herein do not
necessarily state or reflect those of the United States Government nor the
University of California, and shall not be used for advertising or product
endorsement purposes.
|
|