Bob Konigsberg wrote:
***DELETIA*** of real good stuff..
>
> Remote Access servers
> o Don't identify your organization in the welcome string
> Use welcome phrases like "Welcome to Remote Access server #1"
> o Log all login successes, failures, login times, durations, etc.
> The amount of information you can glean from these is amazing.
Just as an aside, there have been many cases of attempted prosecution
of crackers and vandals that have been dismissed because the companies
put up banners that start with "Welcome to ....", which the courts
in more than one state have held constitutes an offer of 'welcoming'
entry by anyone that wanders by.
'Tis better to be obnoxiously blunt, which gives you (and the local
constabulary...) some room to prosecute the netscum than to be polite
and have a perfectly good chance of nailing some miscreant get dismissed
because some judge decides that your warning banner that starts with
the word "welcome" is actually an invitation to any user.
As always, consult your local lawyer for this. Other countries, I have
no idea what your legalities are.
--
Bryan D. Boyle | EMAIL: bdboyle @
erenj .
com 908-730-3338
#include <disclaimer> | http://www.access.digex.net/~bdboyle/index.html
"The myth that Bill Gates has appeared like a knight in shining armor to
lead all customers out of a mire of technological chaos neatly ignores
the fact that it was he who, by peddling second-rate technology, led
them into it in the first place, and continues to do so today."
--Douglas Adams
References:
|
|
