Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Handling Sysads resignation/termination
From: "Solomon" <lavel () solomonscomputing com>
Date: Wed, 3 Aug 2005 21:04:17 -0700

I must agree with Michael.  We are all pretty much honest and are very
dedicated to their work and some would like nothing more than to pass there
"work" on to the next person.
Lavel

There are many but here is one, an honest brother a widows son.

-----Original Message-----
From: Michael Starr [mailto:northstarr () northstarr org] 
Sent: Tuesday, August 02, 2005 11:49 PM
To: 'Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]'; 'Irvin Temp'
Cc: pen-test () securityfocus com
Subject: RE: Handling Sysads resignation/termination

We all need to remember that destroying a former employer's (or anyone
else's) property is a crime -- and that we're all supposed to have good
backup procedures and disaster recovery plans.  We all council our clients
to that effect, right? We have the recourse of the courts available to us
when an administrator (or any other employee) behaves badly, if necessary.
While some (I won't say paranoid) folks feel they can't trust the
administrators who've served them well, the fact of the matter is that in
most cases (though not in the case of a retiring admin) the person is going
to be looking for another job.  In the network administration field, neither
a criminal record, nor "I trashed my last employer's network because they
let me go" look very good on a resume.  If a systems administrator doesn't
have their reputation, they have nothing.

I have to say that I have been called in to recover passwords on a network
where an admin quit, changed all of the administrator passwords AND the user
passwords, and refused to turn them over.  That person was sued for LOTS of
damages, including my hours in recovering access to the network.
Additionally, he didn't work in the industry, as far as I know, ever again.
His bad behavior is the exception, and not the rule.  

I will also say that most systems administrators are at least as honest and
ethical as the average CPA, or attorney -- even when they've been
terminated.  Finally, it should go without saying that there is a secondary
employee who knows the network well, and can review and report on the status
and condition of the system at periodic intervals, both pre and post
administrator termination.

As with anything else, proper prevention outweighs correction by a mile.
There is a method for terminating an employee -- admin or otherwise, and
there is a reason for that.  There are also methods of putting checks and
balances in place long before termination becomes an issue, and there are
reasons for that as well.  For example, when an admin employee is ready to
retire, their network access should be curtailed immediately, and their
duties should be cut back accordingly.  Often, it's best to pay them NOT to
come in to work for a few weeks.

I bet the SANS reading room has information on this topic too.

That's my .02
Northstarr

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa () pacbell net] 
Sent: Tuesday, August 02, 2005 8:40 PM
To: Irvin Temp
Cc: pen-test () securityfocus com
Subject: Re: Handling Sysads resignation/termination

What's he going to do? Say yes? Then what?


Anyone else besides me thinking of a employment leaving documentation 
poured over by Attorneys where he/she has to sign something to the effect?

I wouldn't want you to certify that ....that's asking a bit much on your 
part I think. I think you, your HR department and your firm's Attorneys 
need to sit down and discuss an action plan.

Normally for anyone who isn't a sysadmin the termination process 
involved revoking accounts, keys, devices, changing locks etc etc...

Check out Steve Riley on this topic...

http://blogs.technet.com/steriley/archive/2005/07/19/407917.aspx

The article is posted in the security management column section on 
TechNet and is the Viewpoint article in the July security newsletter. 
Check it out, and please tell me what you think. It's been generating 
some opinions :)

http://www.microsoft.com/technet/community/columns/secmgmt/sm0705.mspx

    Do you trust your administrators? That seemingly innocent question
    creates a serious dilemma in the minds of a lot of people. While we
    all know what we'd /like/ the answer to be, the disappointing fact
    is that, increasingly, the true answer is the opposite. This became
    apparent in discussions I had with many attendees at TechEd US in
    May-there is genuine concern about the trustworthiness of
    administrators...



Irvin Temp wrote:

I've been working as a security consultant for a 
financial company.

a system administrator handling the several of the 
critical servers will be retiring. before he leave the

company the management wants me to interview him and
in 
"certify" that he did not leave any timebombs,
malicious 
programs on the pcs. 

Since i have no experience in handling pre-termination
of
a systems administrator, i would appreciate you
insights 
and suggestions on how to go about this. 

Questions that needs to be asked. Steps to take to 
ensure that the systems are clean after his 
resignation. 


Thanks and God bless! 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------------
---
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
---------------------------------------------------------------------------
----


 


-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


----------------------------------------------------------------------------
--
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
----------------------------------------------------------------------------
---




----------------------------------------------------------------------------
--
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
----------------------------------------------------------------------------
---




------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault