Should I use a login banner and if so, what should it say?
Solution 1:
From Prosecuting Computer Crimes, a publication of the United States Department of Justice:
Best Practices for Victim Response and Reporting
A. Steps Before Confronting an Intrusion
Consider Using Banners - Real-time monitoring of attacks is usually lawful, if prior notice of this monitoring is given to all users. For this reason, organizations should consider deploying written warnings, or "banners," on the ports through which an intruder is likely to access the organization's system and on which the organization may attempt to monitor an intruder's communications and traffic. If a banner is already in place, it should be reviewed periodically to ensure that it is appropriate for the type of potential monitoring that could be used in response to a cyberattack. More information on this topic can be found on CCIPS' website at http://www.cybercrime.gov.
Also, here are some sample NETWORK BANNER language as recommended by USDOJ and explanation for their functions, from Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, also by the U.S. Department of Justice:
APPENDIX A: Sample Network Banner Language
Network banners are electronic messages that provide Notice of legal rights to users of computer networks. From a legal standpoint, banners have four primary functions. First, banners may be used to generate consent to real-time monitoring under Title III. Second, banners may be used to generate consent to the retrieval of stored files and records pursuant to ECPA. Third, in the case of government networks, banners may eliminate any Fourth Amendment "reasonable expectation of privacy" that government employees or other users might otherwise retain in their use of the government's network under O'Connor v. Ortega, 480 U.S. 709 (1987). Fourth, in the case of a non-government network, banners may establish a system administrator's "common authority" to consent to a law enforcement search pursuant to United States v. Matlock, 415 U.S. 164 (1974).
This is definitely a legal matter that shouldn't be so easily overlooked. More than likely, you SHOULD consult with your legal department (if you have one), or corresponding decision makers. Also, whatever is implemented in the banners, that being said for internal and external should probably not be redundant with already agreed Network Use Policies (probably don't want to constantly alert people about something they have already agreed on)
Solution 2:
Speak to your legal people, it's not up to the techies to decide what goes into it, this is a policy matter, not a technical one. Depending which country you're in there will be government recommendations that will relate to local computer misuse laws.
Solution 3:
It really depend on who is logging in, and why. If you are running a server to provide shell accounts, you probably want a pretty strong interactive login banner to remind people not to run spambots. On the other hand, if your servers are only accessed by fellow members of your Operations team, of which there are only 8, you probably don't need a banner. Really this boils down to a matter of policy, because the banner will not make a noticeable difference in behavior, and has no effect in many legal venues.