Outgoing IT Staff: Security Concerns
 

Let's say you're "letting go" a member of an IT department that has had free reign, total access to your network for several years.

If the situation is "not on good terms" what due dilligence can you take to protect your business interests from possible disruption?

Whatever you do, no fingerprints and make it look like a robbery or suicide.

Value integrity when hiring.




Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume?




huh.

got to walmart , see if you can find some microwave pork rinds,
last thing as yer leaving ( or makeing your escape ) pitch them in the break room Microwave and set it for 30 minets ,
they will have Haz mat teams cleaning up for days !!!!

That beats a top-decker by an order of magnitude.

for some folks, it's all about the benjamins

Zip, I think the situation is the other way around.

I suspect this is UT's old boss who has finally figured out that the reason the data keeps getting small random changes and sending naughty emails to the boss is to do with a few trojans and backdoors UT left in the system before he was dumped.

The obvious solution is to give UT a "consultancy" to "refresh" the system. I think $100,000 would be industry standard.

:D

Mr. Clod has had to deal with this situation before. I'll ask him when he wakes up.

I'm not in IT, so I have no idea, but I'd guess that there's very little you can do to be sure everything remains secure.

This person could have taken a list of all accounts and passwords home. Even if you disable their account, they could access the network under a different one. Is remote access allowed now, or do you have to be on site to gain access to the system? If remote access is allowed, I don't see how you can guard against them using another account to get in. You just have to trust that their professionalism and fear of legal problems will keep them from doing anything to hurt you.

Mr. Clod's response was, "Ooh... yeah. They're probably in trouble."

He noted that it really depends heavily on how your systems are set up, but this guy probably has at least a dozen extra logins to various servers, not out of malicious forethought but because they are a convenience when doing maintenance, etc. Worst-case scenario, you could go nuclear and delete every login on every machine, change the root passwords, and then rebuild all the logins from the ground up for legitimate users. But that's kind of a nightmare. He said the most important thing is to make his "post interview" (that thing where HR detains you in the office with paperwork, and asks you to give an honest appraisal of your manager, coworkers, etc., now that you have nothing to lose) last a really, really long time, and have everyone feverishly checking user lists and changing passwords while he's trapped in there.

FFF's method is clearly easier.

I'm not really up on security issues, but it would help to know what kind of systems/network we're talking about.

You are probably fucked unless they have absolutely no idea they are about to be let go. In which case, the long exit interview and security guard accompaniment can buy time to check/reset the obvious. And even then, if they did bad things, they probably also have if-I-am-caught-revenge-things-set-up. If there is no severance pay, perhaps you could negotiate something?

Consult with their replacement. You do have a replacement, right?

Thank you, Doctor. I cut to the chase.

10 extra points if you can make it look like a robbery and a suicide.