Banner Messages
Banners are informational messages that can be displayed to users who connect to the device. Banners are important messaging tools used to inform unauthorized users of their activity and, most importantly, to inform them that they are being monitored and logged. Banner messages are very useful for law enforcement.
There are five types of banner messages:
Message-of-the-day banner (MOTD): A message-of-the-day (MOTD) banner is displayed when a user connects to the router on all connected terminals. This banner is displayed at login and is useful for sending messages that affect all network users. The banner motd command in global configuration mode can be used to configure a MOTD banner message.
Login banner: A login banner is configured to be displayed on all connected terminals. This banner is displayed after the MOTD banner appears and before the login prompt. The banner login command in global configuration mode can be used to configure a login banner message.
EXEC banner: Depending on the type of the connection, an EXEC banner is displayed after the user successfully logs in to the router. An EXEC banner is configured to be displayed whenever an EXEC process is initiated. For example, this banner is displayed to users telneting to the system after entering their usernames and passwords, but before the user EXEC prompt is displayed. The banner exec command in global configuration mode can be used to configure an EXEC banner message.
Incoming banner: An incoming banner is displayed on terminals connected to reverse Telnet lines, usually accomplished from the network side of the router. This banner is useful for providing instructions to users. The banner incoming command in global configuration mode can be used to configure an incoming banner message.
SLIP-PPP banner message: Default banner messages have been known to cause connectivity problems in some non-Cisco Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP) dialup software connections. The SLIP-PPP banner message can now be customized to make Cisco SLIP and PPP compatible with non-Cisco dialup software. The banner slip-ppp command in global configuration mode can be used to configure a SLIP-PPP banner message.
An example of a login banner follows:
*****************************************************************
* WARNING: This is a controlled access system with login        *
* restricted to authorized personnel. Unauthorized access       *
* is a criminal offence under the Computer Misuse Act of 1990.  *
* Any unauthorized access attempt will be investigated and      *
* prosecuted to the full extent of the law.                     *
* --------------------------------------------------------      *
* YOUR LOGIN DETAILS HAVE BEEN CAPTURED AND LOGGED              *
* --------------------------------------------------------      *
* If you are not an authorized user, disconnect now.            *
*****************************************************************
Banners can be customized by using banner tokens. Tokens are keywords in the form $(token) that, when used in a banner message, display the currently configured value of the token argument (for example, the router hostname, domain name, or address). By using these tokens, you can design customized banners that display current Cisco IOS configuration variables. Only Cisco IOS-supported tokens may be used. There is no facility to define user-defined tokens. Table 3-1 lists the tokens supported by the different banner commands.
Table 3-1. Tokens Allowed by Banner Type

Token         Description                                            motd    login   exec    incoming  slip-ppp
                                                                     banner  banner  banner  banner    banner
------------  -----------------------------------------------------  ------  ------  ------  --------  --------
$(hostname)   Router hostname                                        Yes     Yes     Yes     Yes       Yes
$(domain)     Router domain name                                     Yes     Yes     Yes     Yes       Yes
$(peer-ip)    IP address of the peer machine                         No      No      No      No        Yes
$(gate-ip)    IP address of the gateway machine                      No      No      No      No        Yes
$(encap)      Encapsulation type (SLIP or PPP)                       No      No      No      No        Yes
$(encap-alt)  Encapsulation type displayed as SL/IP instead of SLIP  No      No      No      No        Yes
$(mtu)        Maximum transmission unit (MTU) size                   No      No      No      No        Yes
$(line)       VTY or TTY line number                                 Yes     Yes     Yes     Yes       No
$(line-desc)  User-specified description of the line                 Yes     Yes     Yes     Yes       No
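The token rules in Table 3-1 can be checked mechanically during a configuration audit. The following is an added example, not code from the original text: it extracts banner blocks from a configuration listing and reports tokens that the given banner type does not support. The sample configuration, its wording and the $(user) token are constructed for illustration.

```python
import re

# Table 3-1 from the text: which banner types accept which token.
ALL = {"motd", "login", "exec", "incoming", "slip-ppp"}
TERMINAL = ALL - {"slip-ppp"}
TOKEN_SUPPORT = {
    "hostname": ALL, "domain": ALL,
    "peer-ip": {"slip-ppp"}, "gate-ip": {"slip-ppp"}, "encap": {"slip-ppp"},
    "encap-alt": {"slip-ppp"}, "mtu": {"slip-ppp"},
    "line": TERMINAL, "line-desc": TERMINAL,
}
BANNER_RE = re.compile(r"^banner (motd|login|exec|incoming|slip-ppp) (\^C|\S)(.*)$")

def parse_banners(config):
    """Return {banner_type: text} for every banner block in a config listing."""
    banners, kind, delim, buf = {}, None, None, []
    for line in config.splitlines():
        if kind is None:
            m = BANNER_RE.match(line)
            if not m:
                continue                      # not a banner command
            kind, delim, line = m.group(1), m.group(2), m.group(3)
        if delim in line:                     # closing delimiter ends the block
            buf.append(line.split(delim, 1)[0])
            banners[kind] = "\n".join(buf).strip("\n")
            kind, delim, buf = None, None, []
        else:
            buf.append(line)
    return banners

def check_tokens(banners):
    """List (banner_type, token, reason) for tokens that will not be expanded."""
    findings = []
    for kind, text in banners.items():
        for token in re.findall(r"\$\(([^)\s]+)\)", text):
            if token not in TOKEN_SUPPORT:
                findings.append((kind, token, "not listed in Table 3-1"))
            elif kind not in TOKEN_SUPPORT[token]:
                findings.append((kind, token, "not supported by this banner type"))
    return findings

# Constructed sample configuration (banner wording is illustrative).
SAMPLE_CONFIG = """\
banner login ^C
Authorized access only on $(hostname).$(domain). Activity is logged.
^C
banner exec #Line $(line) ($(line-desc)), peer $(peer-ip)#
banner slip-ppp ^C Starting $(encap) to $(gate-ip), MTU $(mtu), user $(user) ^C
"""
```

Calling check_tokens(parse_banners(SAMPLE_CONFIG)) flags $(peer-ip) in the EXEC banner and the undefined $(user) token in the SLIP-PPP banner.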
Cisco IOS Software has a number of services and protocols available on a device. Many of them are unnecessary in normal operation and can be leveraged for information gathering or network attacks. It is important to identify all the services on each device and ensure that they are configured properly (with proper security). Only required services should be enabled on devices, and unnecessary services and protocols should be disabled. Limiting these unnecessary and unwanted services and protocols running on the device greatly enhances the device security and prevents it from being exploited by known and unknown vulnerabilities.
The sections that follow outline some of the common services and protocols available in IOS and other Cisco devices such as firewalls. Some of these services are used for management (for example, Cisco Discovery Protocol [CDP], Simple Network Management Protocol [SNMP], Network Time Protocol [NTP], Hypertext Transfer Protocol [HTTP]). These management services must be securely configured to allow access to authorized users only. Careful consideration should be taken to activate these services and protocols with proper configuration.