Friday, March 2, 2018

SSH/HTTPS Banners Pre-login or Post-login?

Having a spirited debate with a colleague about whether there should be a banner prior to a login or after a login. His stance is that we should minimize as much information being told to someone scanning and have the banner display upon a successful login. I suggested we should have a minimal banner displaying no company information, only a generic banner deterring anyone from attempting to login. I am of the belief that a post-banner doesn't hide anything, the port itself is going to appear open anyway.

Thoughts?



No comments:

Post a Comment