Warning banner

Some server hardening guidelines advised me to add "legal banners" that are visible when you try to log in to a server.
they contain information about how the system is restricted, how only authorized users are allowed in, that it's illegal to enter the system, etc.

it's generally just a way to make it explicitly illegal, so that it'll be harder for people to say "I didn't know I wasn't allowed" if they are prosecuted. it's of course nothing someone would really care about if they wanted to gain entry to a server.

however: what message would scare you off from trying to gain unauthorized entry to a server? what would make you go "I'm not so sure about this", even though you're connected through a VPN and on an ad-hoc live OS?

Cyrillic letters? Moon runes? Honeypot signs? A federal warning?

make your stuff actually secure

"you will fart out your soul tonight"
Or
"the gpu/ram price will go up with another 50%"

>Disconnect from this server or your mother will die in her sleep tonight.

fake ransomware banner

federal honeypot signs in russian

Don't use those bs banners

fug

Yep, it's required by lynis.

Pick up a random warning such as "illegal activities and intrusion attempts will be logged and reported to the authorities"

If you want to show your haxxorz sk1llz, add some rad meme (so rad that it existed before "memes" were a thing)
>jargon-file.org/archive/jargon-4.4.7.dos.txt
I prefer the updated version
ACHTUNG! ALLES LOOKENSPEEPERS!
Das Internet is nicht fuer gefingerclicken und giffengrabben. Ist easy
droppenpacket der routers und overloaden der backbone mit der spammen
und der me-tooen. Ist nicht fuer gewerken bei das dumpkopfen. Das
mausklicken sichtseeren keepen das bandwit-spewin hans in das pockets
muss; relaxen und watchen das cursorblinken.

R8 my banner

unemployed millennial/10

>it's

who still has open ssh ports with password login anyway
it's 2018

Every time I go to log into my AFRL account I need to click through about 5 legal warnings that only AF employees can sign in. Maybe that?

>"I didn't know I wasn't allowed"
This never was an excuse ever. Some countries even explicitly state in the law that you are required to know the law (sounds a bit catch 22ish but really isn't).

No need for unnecessary work. If unauthorized access to information systems is illegal in your country already these banners don't do shit. Do start your ssh welcome message with a handful of newlines to crash many script kiddies' automated attacks.

not the frogposter but
a) the banner is displayed even if you use keyfiles for ssh
b) the ports can be closed, and only be opened through knocking, and the banner will still be displayed when connecting to the sshd

I'm assuming you're not implying I'm not going to have ssh access to my servers

This is an actual thread that exists and a human made it.

This. Exposing SSH on a public interface is retarded.

>>I'm assuming you're not implying I'm not going to have ssh access to my servers

That is what private networks are for.

kekd

care to elaborate for an illiterate fag?

having a banner and port knocking is daft
why not though

feel free to explain how the service is "exposed"? sure, it's listening on the port. but port-knocking + password login disabled + password-protected keyfile + possibly IP-based restrictions should be enough for most people

I have no servers in my local network. are you suggesting a VPN?

no, because warnings can in some jurisdictions be necessary in order for the data breach to be classified as a crime. banners are also aimed towards the user to remind them of their responsibilities, and also to anyone seeking unauthorized access.

also: port knocks can fail, or be bypassed.

It's the digital equivalent of pic related.

Ideally you would want to host SSH on the private intranet that only you have access to whether locally or through a VPN. Even if your server is hosted offsite most providers nowadays offer free private networks for more secure communications between your stack.

>have to tell them it's a crime for it to be counted as a crime
literally where
like you're gonna bring charges to them in the first place

good security beats any stupid warnings you might put on your shit

which providers offer a free vpn tunnel?

>free tunnels
Don't do that to yourself. If you need SSH tunnels, good ones aren't expensive. You can get service from Tunnelr for like $6 a month.

okay
start.umd.edu/news/study-finds-warning-banners-deter-hackers

>literally where

>Criminal court cases have been dismissed because the computer used to perpetrate the crime did NOT have a proper use banner message displayed.

lsa.umich.edu/content/dam/lsait-assets/lsait-documents/LSA-BannerMesg-Policy.pdf

---
>The prosecution of an individual in a criminal case must show that the individual’s actions were intentional in nature

>However, upon their sentence, they may argue that they were ignorant to any specified law or that they were unaware that their actions were unauthorized, thereby inducing the court to mitigate whatever penalty may be imposed. If the example warning is issued, it will be extremely difficult for an individual to present such arguments.

>Use of the warning or login banners is strongly recommended.

unixworks.net/papers/wp-007.pdf
---
For example in the US:
>The computer crime of hacking is committed when a person willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, attempts or achieves access, communication, examination, or modification of data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network.

Legal banners cover "willfully/knowingly".

definitions.uslegal.com/c/computer-crime/

iirc this is also true (or at least it was true) in the EU

---
>good security beats any stupid warnings

see the above study. also: it's not like it's either/or

to the host network not the public internet
learn to read

>a few months from becoming lawyer

I've done some case study on this in school. The argument "oh I did not know I was trespassing" makes sense in property cases where some dude has 1000 acres of land and they try to charge someone for trespassing when no sign was posted since not everyone's a land surveyor...

However, with tech it would take quite a lot of effort for the defendant to prove they didn't understand that a password meant "keep out" unless they grew up in a cave. Sort of like explaining that you didn't know you couldn't break the lock on a door.

why would a VPN be more secure than SSH?

No warning banner will scare them off. It's a CYA move in case a user tries shit, then tries to sue because you were logging them and they come up with some BS claim to privacy.

Use a security scanner, both an internal and external, follow basic published baselines.

This is really pretty easy tier shit.

basically you would use an encrypted network to access an encrypted connection on a local network.

how does this harden security and be 'ideal' compared to a properly configured ssh connection? (root login and password disabled, group and IP restriction, bruteforce timeout and IP ban, different knock knock port) Considering both the security improvements and the infrastructure cost your solution would bring.
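
The sshd settings listed in the thread (banner set, password login and root login disabled, group or user restriction) can be checked statically. This is an added example, not code posted by anyone in the thread; the function names and the sample config are constructed, and it assumes a flat `sshd_config` with no `Match` blocks or `Include` files.

```shell
#!/bin/sh
# Added example: static check of an sshd_config for the settings named in the thread.
# Assumption: a flat config without Match blocks or Include files. On a live host,
# `sshd -T` prints the effective configuration instead.

# Print the first value given for a keyword (sshd uses the first occurrence;
# keywords are case-insensitive). Prints nothing if the keyword is unset.
sshd_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Report each finding and return the number of failed checks.
audit_sshd() {
    cfg=$1; fails=0
    for want in "PasswordAuthentication no" "PermitRootLogin no"; do
        key=${want% *}; expected=${want#* }
        got=$(sshd_setting "$cfg" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" != "$expected" ]; then
            echo "FAIL $key is '${got:-unset}', expected '$expected'"
            fails=$((fails + 1))
        fi
    done
    banner=$(sshd_setting "$cfg" Banner)
    case $banner in
        ""|none) echo "FAIL Banner is not set"; fails=$((fails + 1)) ;;
    esac
    if [ -z "$(sshd_setting "$cfg" AllowGroups)$(sshd_setting "$cfg" AllowUsers)" ]; then
        echo "FAIL no AllowGroups/AllowUsers restriction"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample config, written to a temp file so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from the thread
Port 22
PasswordAuthentication no
PermitRootLogin prohibit-password
Banner /etc/issue.net
EOF
audit_sshd "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```
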

In a single server/VM use case it does not make sense to use a VPN. However, in a business or modern application sort of situation where you have multiple virtual machines/servers performing separate tasks in your environment it makes a lot of sense. You have a VPN that gives you access to the private intranet between these servers and then you have additional authentication on the servers themselves since you would want different users to have different levels of access. No one is saying you shouldn't use an rsa key to access the server if it's behind a VPN. Either way, SSH is not exposed on a public IP, thus decreasing your attack surface.

The VPN is just an access point to the private intranet in this case.

I kind of like this idea. just make the page look like it will download some malware if you click on anything. not professional looking but an interesting idea.

>use of this machine by its owner will be punished