Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Removing FIred admins

From: "Volker Tanger" <volker.tanger () detewe de>
Date: Fri, 13 Feb 2004 09:02:28 +0100
Greetings!

On Thu, 12 Feb 2004 23:14:28 -0500 Cael Abal <lists2 () onryou com> wrote:

Michael T. Harding wrote:
| Anybody know of a checklist or guide to removing access across the
| entire organization for a "retired" admin?
| Mixed environment including Linux, Unix, Windows, Cisco, Nortel

Wow.  Nightmare.


If I get the wording right, the admin and company did not part in good
terms? Then it really has potential for a real nightmare - especially if
the admin had the time AND MOOD to prepare for that.

If he did not have the mood to take revenge, your main problem could be
that he simply did not care to tell you the passwords, so you can't log
in. Bad thing if you don't have config backups...

If he's likely to take revenge, act. Fast. The more time he had to
prepare, the worse it can become - especiall if he planted a time bomb,
that'll affect you in a year or so when e.g. the old, clean backups are
long overwritten.

If you have to assume being compromised, re-install and re-configure all
your systems starting from scratch and clean media (boot from CD,
partition harddisc, format HD, install base system, ...) - and start
with your most (business) critical systems. Have this done by an admin
you trust.

Bye

Volker Tanger
ITK-Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: