1.3.4 Set the 'banner-text' for 'webauth banner'

Information

This banner is displayed to all terminals connected and is useful for sending messages that affect all users (such as impending system shutdowns). Use the no exec-banner or no motd-banner command to disable the banner on a line. The no exec-banner command also disables the EXEC banner on the line.

When a user connects to the router, the MOTD banner appears before the login prompt. After the user logs in to the router, the EXEC banner or incoming banner will be displayed, depending on the type of connection. For a reverse Telnet login, the incoming banner will be displayed. For all other connections, the router will display the EXEC banner.

"Network banners are electronic messages that provide notice of legal rights to users of computer networks. From a legal standpoint, banners have four primary functions.

- First, banners may be used to generate consent to real-time monitoring under Title III.
- Second, banners may be used to generate consent to the retrieval of stored files and records pursuant to ECPA.
- Third, in the case of government networks, banners may eliminate any Fourth Amendment "reasonable expectation of privacy" that government employees or other users might otherwise retain in their use of the government's network under O'Connor v. Ortega, 480 U.S. 709 (1987).
- Fourth, in the case of a non-government network, banners may establish a system administrator's "common authority" to consent to a law enforcement search pursuant to United States v. Matlock, 415 U.S. 164 (1974)." (US Department of Justice APPENDIX A: Sample Network Banner Language)

Solution

Configure the webauth banner presented when a user connects to the device.

hostname(config)#ip admission auth-proxy-banner http {banner-text | filepath}

Impact:

Organizations provide appropriate legal notice(s) and warning(s) to persons accessing their networks by using a 'banner-text' for the banner motd command.

See Also

https://workbench.cisecurity.org/benchmarks/17130

Item Details

Category: AWARENESS AND TRAINING, PROGRAM MANAGEMENT

References: 800-53|AT-1, 800-53|AT-2, 800-53|PM-13, CSCv7|17.3

Plugin: Cisco

Control ID: bf389e4a9b982356e8808e89965a66139271121840417d04e671923796104a0a