Penetration Testing: Re: Handling Sysads resignation/termination

["Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>]

What's he going to do? Say yes? Then what?


Anyone else besides me thinking of a employment leaving documentation 
poured over by Attorneys where he/she has to sign something to the effect?
I wouldn't want you to certify that ....that's asking a bit much on your 
part I think. I think you, your HR department and your firm's Attorneys 
need to sit down and discuss an action plan.
Normally for anyone who isn't a sysadmin the termination process 
involved revoking accounts, keys, devices, changing locks etc etc...
Check out Steve Riley on this topic...

http://blogs.technet.com/steriley/archive/2005/07/19/407917.aspx

The article is posted in the security management column section on 
TechNet and is the Viewpoint article in the July security newsletter. 
Check it out, and please tell me what you think. It's been generating 
some opinions :)
http://www.microsoft.com/technet/community/columns/secmgmt/sm0705.mspx

   Do you trust your administrators? That seemingly innocent question
   creates a serious dilemma in the minds of a lot of people. While we
   all know what we’d /like/ the answer to be, the disappointing fact
   is that, increasingly, the true answer is the opposite. This became
   apparent in discussions I had with many attendees at TechEd US in
   May—there is genuine concern about the trustworthiness of
   administrators...



Irvin Temp wrote:

> I've been working as a security consultant for a 
> financial company.
> a system administrator handling the several of the 
> critical servers will be retiring. before he leave the
> company the management wants me to interview him and
> in 
> "certify" that he did not leave any timebombs,
> malicious 
> programs on the pcs. 
>
> Since i have no experience in handling pre-termination
> of
> a systems administrator, i would appreciate you
> insights 
> and suggestions on how to go about this. 
>
> Questions that needs to be asked. Steps to take to 
> ensure that the systems are clean after his 
> resignation. 
>
> Thanks and God bless! 
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
>
> ------------------------------------------------------------------------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> -------------------------------------------------------------------------------
>
>
>  
--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------