Having a spirited debate with a colleague about whether there should be a banner prior to a login or after a login. His stance is that we should minimize as much information being told to someone scanning and have the banner display upon a successful login. I suggested we should have a minimal banner displaying no company information, only a generic banner deterring anyone from attempting to login. I am of the belief that a post-banner doesn't hide anything, the port itself is going to appear open anyway.
Thoughts?
No comments:
Post a Comment