Privacy and Security Notice

CC Home | JLAB Home | JLAB Internal

Helpdesk | Services | Scientific Computing | Networks | Telecommunications | CAD/CAE | Policies

Warning Banners

As part of the Department of Energy's security stance we are required to install and maintain warning banners on all computer systems. The reasons for doing so include legal requirements should prosecution of intruders ever become necessary. In addition the banners warn all users that anything they do on the systems is subject to monitoring. The requirement to have the banners in place variously mentions "DoE-owned" and "Government-owned" computers. However, because of the issues involved with warning about monitoring we must conservatively interpret this to mean "all computers attached to the Jefferson Lab network" since we monitor all network traffic.

The banner is to be presented at all "access points" of the system, a primary one being the console. Physical labels that provide appropriate warnings to console users are to be installed on all monitors on site. The Helpdesk (x7155) will mail labels on request. To reiterate, all machines must have a physical label that details the access waring.

In summary, all computers on site and attached to the network (and this means practically every computer) must display a version of the warning banner to a user logging into the machine. The lab must report monthly to DoE how many of the systems display the banners, and should this number not be 100% we are obliged to explain why.

Responsibility

The responsibility for ensuring banners are in place devolves as follows:

1. Computer Center staff for all centrally managed systems, and all PC's connected to the JLAB Windows NT domain,
2. Accelerator Controls group staff for all systems managed by them,
3. Line managers to ensure that all systems owned or used by their groups comply with the request,
4. Individuals must ensure that every computer they are responsible for displays a banner, both to users who log in at the monitor, and to any user who may be able to access the system remotely (telnet, ssh, etc.).

How to implement the banners

General technical information for banner installation for most machines and applications is available in CIAC's Bulletin J-043.

The following links present solutions that are tailored to our local environment and, thus, should provide simpler procedures.

All machines will fall under the first category and many will fall under at least one other. Check for services that are provided by your machine to ensure that appropriate warning banners are in place.

All Machines on site

Physical labels that provide appropriate warnings are to be installed on all monitors on campus. The Helpdesk (x7155) will send labels on request.

JLab Microsoft-based systems

If you log into the JLab domain, you already have a login banner installed (your registry is updated automatically). You do not need to do anything more.

If you do not log into the JLAB domain, then the following links will provide information on the requisite banner:

• NT banner
• Win95/98 banner
• Windows 2000 banner

Unix systems

• Banners for Linux, Solaris, and HP
• A graphical banner for XDM on Linux

Apple Macintosh

See Macintosh Startup Banner.

Other systems and applications

It is likely that in the near future web servers must be configured to provide a security notice (or link - like the one at the foot of this page) on every page. Techniques exist to do this on Apache and Microsoft IIS servers. Details will be published if and when this becomes a requirement.

See also CIAC's Bulletin J-043 for current techniques.