When High Level IT People Leave

By LCroft
What do you do when an IT person (who has domain administrator rights) leaves the company?

Other than the obvious... Disable his account (I wouldn't want to delete it, just in case some application is dependent on it.)

I'm afraid I might miss something. This person has set up routers, firewalls, gateways and our Internet connection.

by Some Guy in Seattle In reply to When High Level IT People ...

Change the passwords of all systems that this person might have touched. This means Local and Administrator for those NT machines. Don't forget SNMP passwords. If this person was "trusted" (left on good terms) you still want to do this as a minimum. If this person is "untrusted" and left on bad terms, make sure to review your logs regularly for all systems for unusual activity. Also review the settings on critical security systems for authentic filtering. Look at your firewall rulebase for unusual rules that don't make any sense and your router access lists for the same reason.

Hope that helps,

by pcammuso In reply to When High Level IT People ...

You may want to look at the following link from TechRepublic. It gives good information on this very subject:

http://www.techrepublic.com/article.jhtml?id=r00620010123gon01.htm

by William Shipway In reply to When High Level IT People ...

Now might be a good time to have a security audit done!

Hopefully this person has signed an agreement before he departed that specifically addresses the issues you are worried about. It doesn't prevent access but may be a deterrent and gives you some legal reassurance.

Check for generic accounts that have dial-in access and remove if possible or change the passwords. As already suggested, change all the admin-type passwords as soon as possible. You should already know which passwords do what, so nothing unexpected should break - but keep an eye out for this. Check for unusual scheduled server jobs that might be malicious (eg changing passwords, re-creating backdoors).

Physical security is also important - change keypad PINs, cancel his access cards, ensure any tokens are returned and disabled, etc. How paranoid are you - need to change key locks on security doors etc?

For routers and firewalls, and probably any server too, do a visual inspection and trace any cables that you can't explain. Even worth double-checking the ones you can explain.

Ensure that this person was not a primary or authorised contact for things like off-site tape storage, maintenance agreements, supplier or support companies, secure web sites, certificate authorities, DNS registrations, etc.

It really helps to think paranoid. If it is not in your nature then pick up a book on practical information security. You could seek professional advice from a computer security company.

HTH
William
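
The scheduled-job check suggested above can be run over an exported task inventory. This is an added example, not part of the original post: it assumes the inventory is a CSV using the column names of `schtasks /query /fo csv /v`, and the sample rows, hosts and the account `CORP\jdoe` are constructed.

```python
import csv
import io
import re

# Constructed sample: a subset of the columns that `schtasks /query /fo csv /v`
# prints. Hosts, task names, accounts and commands are all invented.
SAMPLE_EXPORT = r'''"HostName","TaskName","Author","Task To Run","Run As User"
"SRV01","\NightlyBackup","CORP\backupsvc","C:\Scripts\backup.cmd","CORP\backupsvc"
"SRV01","\DefragC","CORP\jdoe","defrag.exe C:","SYSTEM"
"SRV02","\Housekeeping","CORP\jdoe","cmd /c net user tempadmin <redacted> /add","CORP\jdoe"
"SRV02","\LogRotate","CORP\ops","C:\Scripts\rotate.cmd","CORP\ops"
"SRV03","\Sync","CORP\ops","net localgroup Administrators svc_sync /add","SYSTEM"
'''

# Commands that create accounts, reset passwords or change group membership.
ACCOUNT_CMD = re.compile(r"\bnet1?(\.exe)?\s+(user|localgroup|group)\b", re.I)


def review_tasks(export_text, departed_account):
    """Return (host, task, reasons) for every task that needs a human look."""
    departed = departed_account.lower()
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        reasons = []
        if row["Author"].lower() == departed:
            reasons.append("created by departed account")
        if row["Run As User"].lower() == departed:
            # Will also stop working once the account is disabled.
            reasons.append("runs as departed account")
        if ACCOUNT_CMD.search(row["Task To Run"]):
            reasons.append("command manages accounts or groups")
        if reasons:
            findings.append((row["HostName"], row["TaskName"], reasons))
    return findings


if __name__ == "__main__":
    for host, task, reasons in review_tasks(SAMPLE_EXPORT, r"CORP\jdoe"):
        print(f"{host} {task}: {'; '.join(reasons)}")
```

Tasks flagged only as "runs as departed account" are the ones that break when the account is disabled, so move them to a service account before disabling it.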
