Outgoing IT Staff: Security Concerns
 

Let's say you're "letting go" a member of an IT department that has had free reign, total access to your network for several years.

If the situation is "not on good terms" what due dilligence can you take to protect your business interests from possible disruption?

Whatever you do, no fingerprints and make it look like a robbery or suicide.

Value integrity when hiring.




Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume?




huh.

got to walmart , see if you can find some microwave pork rinds,
last thing as yer leaving ( or makeing your escape ) pitch them in the break room Microwave and set it for 30 minets ,
they will have Haz mat teams cleaning up for days !!!!

That beats a top-decker by an order of magnitude.

for some folks, it's all about the benjamins

Zip, I think the situation is the other way around.

I suspect this is UT's old boss who has finally figured out that the reason the data keeps getting small random changes and sending naughty emails to the boss is to do with a few trojans and backdoors UT left in the system before he was dumped.

The obvious solution is to give UT a "consultancy" to "refresh" the system. I think $100,000 would be industry standard.

:D

Mr. Clod has had to deal with this situation before. I'll ask him when he wakes up.

I'm not in IT, so I have no idea, but I'd guess that there's very little you can do to be sure everything remains secure.

This person could have taken a list of all accounts and passwords home. Even if you disable their account, they could access the network under a different one. Is remote access allowed now, or do you have to be on site to gain access to the system? If remote access is allowed, I don't see how you can guard against them using another account to get in. You just have to trust that their professionalism and fear of legal problems will keep them from doing anything to hurt you.

Mr. Clod's response was, "Ooh... yeah. They're probably in trouble."

He noted that it really depends heavily on how your systems are set up, but this guy probably has at least a dozen extra logins to various servers, not out of malicious forethought but because they are a convenience when doing maintenance, etc. Worst-case scenario, you could go nuclear and delete every login on every machine, change the root passwords, and then rebuild all the logins from the ground up for legitimate users. But that's kind of a nightmare. He said the most important thing is to make his "post interview" (that thing where HR detains you in the office with paperwork, and asks you to give an honest appraisal of your manager, coworkers, etc., now that you have nothing to lose) last a really, really long time, and have everyone feverishly checking user lists and changing passwords while he's trapped in there.

FFF's method is clearly easier.

I'm not really up on security issues, but it would help to know what kind of systems/network we're talking about.

You are probably fucked unless they have absolutely no idea they are about to be let go. In which case, the long exit interview and security guard accompaniment can buy time to check/reset the obvious. And even then, if they did bad things, they probably also have if-I-am-caught-revenge-things-set-up. If there is no severance pay, perhaps you could negotiate something?

Consult with their replacement. You do have a replacement, right?

Thank you, Doctor. I cut to the chase.

10 extra points if you can make it look like a robbery and a suicide.

lolz

I realised I was being let go from my job in London when I turned up for my "assessment" after being off sick, to see a note on the door saying "PASSWORD HAS CHANGED - CALL OFFICE NUMBER TO BE ADMITTED!" and inside a note taped to the Reception window which read Do Not Use Credit Card Unless Authorised By [Artistic Director] which made it clear they'd changed the cards too.

That hurt more than my dismissal in the end.
They were informing everyone I was going before I even came in, so the meeting was a farce.
And they worried I might abuse my position of trust.
I hadn't and I didn't. But a wicked little flicker wished I had.

'Cept I'd have died inside if I had.

And be sure to put the body at the bottom of the stack of dead hobos.

Nobody searches all the way to the bottom.

Outside of making addition amusing comments regarding hobos, yeah. You're fooked. I think UT put it best.

Way nicer than my initial thought of "don't hire vindictive motherfuckers."

So... did you let the guy go yet?

Circumstances were somewhat the same for me. My immediate supervisor, at least, was nice enough to admit that he'd known far in advance of my pending layoff, and it killed him to have to keep it from me. But it was depressing to realize that the big boss didn't think I could be trusted.

It was kind of ironic, because he was one of the most impressive liars I'd seen in action. I guess people who roll that way think that everyone else does, too.

It's an avoidable risk, making preemptive changes like that, and they make good business sense. HOW TO end the employee/employer relationship is a different question, and has as many answers as there are combinations of bosses and workers times the number of businesses.

Unrealistic, perhaps, but what about adding another layer of security requiring the use of one of those changing passkey card thingies that you can't get into the system without? My sister works for an international company that moves a lot of money (she occasionally talked about accounting errors that she had to chase down involving a couple of million dollars as though it was like my checkbook being off by 23 cents) around that has those things.

Probably cheaper than having the whole system brought down around your ears.

SecurID

Which is fine if there's already a VPN in place that can take advantage of it. The thing is, if the network wasn't built to be secure in the first place, it might be hard to identify every possible insecure corner. You could work really hard to protect the VPN with SecurID, and still find a back door in a wireless router someone put in on the 3rd floor to get to a printer.

When i installed Alarms there was this semi disgruntled coworker , he was good about installing wireless switches so he could set off the fire alarm or the panic alarm as he drove by ,
hell i programmed an Alarm to sound the out side siren for 5 minets EVERY time a customer armed or disarmed their alarm , they were Butt heads !!!

It's interesting to see the many ways the anonymous login gets used.

I'm tempted to log in as anon and make up a story about a crazy time firing this guy and how he was able to remotely turn the sprinkler system on in the building after he left. And we ended up paying him half a million just to leave us alone, but we're still not sure.

I think we should have a thread where everyone has to be logged in as anonymous to post. That would be interesting.

Just a thought from a noob who felt proud of himself for adding a few RAM chips to a laptop:

Even if you can't secure the system, can you set up a way of logging everything that is done in a way that cannot be erased? It wouldn't prevent tampering, but it would enable you to prove that tampering had been done, and that might deter the individual.

Love them. Have used them for decades. I wish the bank I have my checking account with would offer it.

I wish I had overcooked fish in the Microwave at work. :D

1) change his/her ability to access the system from outside the work place. (if that is even possible)

2) Fire him/her while they are away from work.

3) Allow them to come to work to get their shit under escort by the Enforcers (at least that is the way they do it on TV).

4) Cut their break line while they are picking up their shit.

Kidnap their dog and then send them a note with one of its toenails informing them that they better be on their best behavior or another toenail will be showing up in the mail.

Set up a fake account for them on Face Book, including the most intimate details you can glean from his personnel file. Have him friend all the local cop shops, the FBI, CIA, and Homeland Security. E-mail him his new FB home page link.

Move your entire business to another city and get a brand new computer system while you're at it. Write it all off as the cost of doing business.

OK. I'll go away now.

How many of those are you considering using regarding the Bates? :D

This is kind of a hell situation. You need to hire someone to come in and lock everything down before giving this person the slightest inkling that they are being let go. This will be very expensive. I can't even imagine how you could bring someone in, have your IT person cooperate fully and not tip him off that he's a short-timer.

The kings of yore took care of such situations by marrying the IT guys daughter. WIN WIN

Heh heh.

I might've wished that the chicken wrap I'd left behind was shrimp instead...but I don't think the boss ever used the fridge, so the wrong people would have been affected.

As it was, the wrap was probably a tasty shade of green-blue by the time that fridge got cleaned out.