[ale] Network security question

Jeff Lightner jlightner at water.com
Tue Apr 3 08:58:54 EDT 2007 

This reminds me of when I quit a job a few years ago.  I gave notice and
the putz director said it was their policy not allow staff on the
systems after quitting so they had disabled all my accounts.   This was
a lie because I'd been there 7 years and they'd never done it before -
the guy just didn't like folks in Atlanta (he thought we were prima
donnas which is part of why I resigned).    However this amused me
because:

a)       It meant I get a 2 week paid vacation because they had to pay
me for the notice period and I couldn't work through it

b)       It meant I didn't have to finish out my on call that week.

c)       They did change all my accounts but neglected to check whether
I was already logged in via the ISDN they had provided me.

d)       I was actually logged into the security server that had root
access to all the other servers so didn't need my personal accounts.
Had I really wanted to do damage I could have had a field day and could
have said "wasn't me - you guys disabled my accounts remember?"

It was stupid though.  To think I was going to throw away a 7 year
reference but would give them notice before doing damage?!  I quietly
copied the things I owned in my home directory down to my PC then logged
myself out of their systems and turned off the ISDN router - I was just
glad to be gone.   The director's BS confirmed in spades my impression
of how petty a person he truly was and affirmed my decision that it was
time to get the hell out of there.

 

________________________________

From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Mark
To: ale at ale.org
Wright
Sent: Monday, April 02, 2007 7:38 PM
To: Atlanta Linux Enthusiasts
Subject: [ale] Network security question

 

Hi folks,

 

I have a problem my boss dumped in my lap.  He is going to let go our
network admin because he is dishonest.  He is also pretty good and has
bragged about how he hacked his former employer (hp) for mischief when
he was terminated.  My boss wants me to tell him what he should do
before he fires this guy to make sure this guy can't disrupt our
business after he's gone.  We don't know that he will but my boss thinks
so.

 

The office is in Chicago (me in Woodstock).  There are about 5 windows
03 servers and 5 AIX, a Cisco router and a Cisco firewall.  My boss is
not worried about the AIX as that is our expertise.  One of the windows
boxes hosts RDP and one is a webserver using Cold Fusion.  Those are the
ones he worries about.  He had trouble before when he tried to change
the Cold Fusion password.  The web site stopped working so he is afraid
to do that even though he knows he needs to.

 

I suggested to him that all the account passwords should be changed on
every box for every user and possibly disable email ports on any system
that doesn't need email.  I was wondering about root kits that may have
been left behind or code that could email out the new passwords in a
week or so.

 

I know there are some excellent security experts out there.  Any tips
would be greatly appreciated.

 

 

 

 

Mark 

 

 

 

 

 

 

 

 

 

The box said "Windows98 or better" so I installed Linux.

 

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Ale mailing list