Re: Logon Message

["Bruhn, Mark S." <mbruhn () INDIANA EDU>]

Clearly, I'm a little behind (no jokes, please :)

Many believe that if this can't be done consistently -- that is, such
that anyone and everyone who connects to any service on your network can
see this same  warning -- you shouldn't do it at all.  The legal theory
is that if it isn't displayed consistently, a case could be made (in
court, by an alleged intruder's lawyer, for example) that a system
without it doesn't have the same level of privacy as those that do.  

If you can't do it this way -- we can't in our environment, because of
the diversity of systems and applications -- you should ask your Counsel
to think about it from this angle as well, if they haven't already done.

M.

-- 
Mark S. Bruhn, CISSP, CISM

Chief IT Security and Policy Officer
Interim Director, Research and Educational Networking Information
Sharing and Analysis Center (ren-isac () iu edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu




-----Original Message-----
From: Steven R. Smith [mailto:Steven.R.Smith () HOFSTRA EDU] 
Sent: Friday, August 01, 2003 1:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Logon Message


Greetings all!

We are in the process of implementing a logon message that will appear
each time a user logs on to our network.  The message consists of two
parts: Security, which essentially says these resources are for
authorized users, all activity may be monitored, and if you are not
authorized, please leave;  Privacy, which essentially says the systems
you are accessing may contain information that is protected by Federal
and State law, so you must take all precautions to protect it.

Clearly that's paraphrased, and obviously this is not a new idea.  The
complete message has been approved by our Chief Counsel.

I would like this message to be consistent through out the community
(admin, faculty, and students) and to be presented in a consistent
format.  We were leaning toward a pop-up which appears after
authentication, and requires the user to click ok to continue to login.
However, there is some discussion that it should presented to students
through a different venue that will not be a pop-up.

What have other institutions done regarding this matter?

Any thoughts would be much appreciated.

Steve.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.