[ale] Network security question

Jeremy T. Bouse jeremy.bouse at undergrid.net
Mon Apr 2 20:45:53 EDT 2007


James P. Kinney III wrote:
> All systems will have to be scanned just before and again just after the
> dismissal. There needs to be a "shadow admin" brought on immediately to
> start the security sweeps. Once the dismissal occurs, the shadow becomes
> the real admin.
> 
> There will need to be some serious penetration testing done just prior
> to the dismissal (think same day). Basically, the systems will need to
> be locked down and secure first. Once that is done, the exiting admin
> has their passwords locked off on all machines.
> 
> This is a seriously no fun process. The only potential upside to this is
> the ones that brag about past exploits are not very dangerous. They
> typically did "something" with some script-kiddie tools (bad enough but
> manageable).
> 

	I'd also add the note that a previous employer of mine stated to me
when I was let go and they thought I might do something against the
company... They simply warned me that if they saw any network
disturbance that LEOs would be notified immediately and my name given as
a probable suspect. In this case I wasn't the administrator but just in
tech support but they knew I had considerably more knowledge and had
already shown them open backdoors the previous administrator had left
that the current administrator didn't even know about.

	Regards,
	Jeremy


