Outgoing IT Staff: Security Concerns

anonymous · 02-08-2012, 09:56 PM

Let's say you're "letting go" a member of an IT department that has had free reign, total access to your network for several years.

If the situation is "not on good terms" what due dilligence can you take to protect your business interests from possible disruption?

footfootfoot · 02-08-2012, 10:07 PM

Whatever you do, no fingerprints and make it look like a robbery or suicide.

Undertoad · 02-08-2012, 10:14 PM

Value integrity when hiring.

Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume?

huh.

zippyt · 02-08-2012, 10:15 PM

got to walmart , see if you can find some microwave pork rinds,
last thing as yer leaving ( or makeing your escape ) pitch them in the break room Microwave and set it for 30 minets ,
they will have Haz mat teams cleaning up for days !!!!

footfootfoot · 02-08-2012, 10:19 PM

That beats a top-decker by an order of magnitude.

BigV · 02-08-2012, 10:41 PM

Quote:

Originally Posted by Undertoad

Value integrity when hiring.

Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume?

huh.

for some folks, it's all about the benjamins

ZenGum · 02-08-2012, 11:31 PM

Zip, I think the situation is the other way around.

I suspect this is UT's old boss who has finally figured out that the reason the data keeps getting small random changes and sending naughty emails to the boss is to do with a few trojans and backdoors UT left in the system before he was dumped.

The obvious solution is to give UT a "consultancy" to "refresh" the system. I think $100,000 would be industry standard.

Clodfobble · 02-09-2012, 07:44 AM

Mr. Clod has had to deal with this situation before. I'll ask him when he wakes up.

glatt · 02-09-2012, 07:50 AM

I'm not in IT, so I have no idea, but I'd guess that there's very little you can do to be sure everything remains secure.

This person could have taken a list of all accounts and passwords home. Even if you disable their account, they could access the network under a different one. Is remote access allowed now, or do you have to be on site to gain access to the system? If remote access is allowed, I don't see how you can guard against them using another account to get in. You just have to trust that their professionalism and fear of legal problems will keep them from doing anything to hurt you.

Clodfobble · 02-09-2012, 08:36 AM

Mr. Clod's response was, "Ooh... yeah. They're probably in trouble."

He noted that it really depends heavily on how your systems are set up, but this guy probably has at least a dozen extra logins to various servers, not out of malicious forethought but because they are a convenience when doing maintenance, etc. Worst-case scenario, you could go nuclear and delete every login on every machine, change the root passwords, and then rebuild all the logins from the ground up for legitimate users. But that's kind of a nightmare. He said the most important thing is to make his "post interview" (that thing where HR detains you in the office with paperwork, and asks you to give an honest appraisal of your manager, coworkers, etc., now that you have nothing to lose) last a really, really long time, and have everyone feverishly checking user lists and changing passwords while he's trapped in there.

ZenGum · 02-09-2012, 07:19 PM

FFF's method is clearly easier.

Pete Zicato · 02-09-2012, 08:35 PM

I'm not really up on security issues, but it would help to know what kind of systems/network we're talking about.

monster · 02-09-2012, 09:12 PM

You are probably fucked unless they have absolutely no idea they are about to be let go. In which case, the long exit interview and security guard accompaniment can buy time to check/reset the obvious. And even then, if they did bad things, they probably also have if-I-am-caught-revenge-things-set-up. If there is no severance pay, perhaps you could negotiate something?

Consult with their replacement. You do have a replacement, right?

footfootfoot · 02-09-2012, 09:14 PM

Quote:

Originally Posted by ZenGum

FFF's method is clearly easier.

Thank you, Doctor. I cut to the chase.

regular.joe · 02-09-2012, 09:56 PM

Quote:

Originally Posted by footfootfoot

Whatever you do, no fingerprints and make it look like a robbery or suicide.

10 extra points if you can make it look like a robbery and a suicide.

02-08-2012, 09:56 PM	#1
anonymous Operations Operative Join Date: Feb 2004 Location: in hiding Posts: 578	Outgoing IT Staff: Security Concerns Let's say you're "letting go" a member of an IT department that has had free reign, total access to your network for several years. If the situation is "not on good terms" what due dilligence can you take to protect your business interests from possible disruption?

02-08-2012, 10:07 PM	#2
footfootfoot To shreds, you say? Join Date: Aug 2004 Location: in the house and on the street-how many, many feet we meet! Posts: 18,449	Whatever you do, no fingerprints and make it look like a robbery or suicide. __________________ The internet is a hateful stew of vomit you can never take completely seriously. - Her Fobs

02-08-2012, 10:15 PM	#4
zippyt LONG LIVE KING ZIPPY! per Feetz Join Date: Mar 2003 Location: Arkansas Posts: 7,661	got to walmart , see if you can find some microwave pork rinds, last thing as yer leaving ( or makeing your escape ) pitch them in the break room Microwave and set it for 30 minets , they will have Haz mat teams cleaning up for days !!!! __________________ "Success is getting what you want. Happiness is wanting what you get. " Brother Dave Gardner

02-08-2012, 10:19 PM	#5
footfootfoot To shreds, you say? Join Date: Aug 2004 Location: in the house and on the street-how many, many feet we meet! Posts: 18,449	That beats a top-decker by an order of magnitude. __________________ The internet is a hateful stew of vomit you can never take completely seriously. - Her Fobs

02-08-2012, 11:31 PM	#7
ZenGum Doctor Wtf Join Date: Oct 2007 Location: Badelaide, Baustralia Posts: 12,861	Zip, I think the situation is the other way around. I suspect this is UT's old boss who has finally figured out that the reason the data keeps getting small random changes and sending naughty emails to the boss is to do with a few trojans and backdoors UT left in the system before he was dumped. The obvious solution is to give UT a "consultancy" to "refresh" the system. I think $100,000 would be industry standard. __________________ Shut up and hug. MoreThanPretty, Nov 5, 2008. Just because I'm nominally polite, does not make me a pussy. Sundae Girl.

02-08-2012, 10:14 PM	#3
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	Value integrity when hiring. Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume? huh.

02-09-2012, 07:44 AM	#8
Clodfobble UNDER CONDITIONAL MITIGATION Join Date: Mar 2004 Location: Austin, TX Posts: 20,012	Mr. Clod has had to deal with this situation before. I'll ask him when he wakes up. __________________ My book My other book My spirit animal

02-09-2012, 07:50 AM	#9
glatt ™ Join Date: Jul 2003 Location: Arlington, VA Posts: 27,717	I'm not in IT, so I have no idea, but I'd guess that there's very little you can do to be sure everything remains secure. This person could have taken a list of all accounts and passwords home. Even if you disable their account, they could access the network under a different one. Is remote access allowed now, or do you have to be on site to gain access to the system? If remote access is allowed, I don't see how you can guard against them using another account to get in. You just have to trust that their professionalism and fear of legal problems will keep them from doing anything to hurt you.

02-09-2012, 08:36 AM	#10
Clodfobble UNDER CONDITIONAL MITIGATION Join Date: Mar 2004 Location: Austin, TX Posts: 20,012	Mr. Clod's response was, "Ooh... yeah. They're probably in trouble." He noted that it really depends heavily on how your systems are set up, but this guy probably has at least a dozen extra logins to various servers, not out of malicious forethought but because they are a convenience when doing maintenance, etc. Worst-case scenario, you could go nuclear and delete every login on every machine, change the root passwords, and then rebuild all the logins from the ground up for legitimate users. But that's kind of a nightmare. He said the most important thing is to make his "post interview" (that thing where HR detains you in the office with paperwork, and asks you to give an honest appraisal of your manager, coworkers, etc., now that you have nothing to lose) last a really, really long time, and have everyone feverishly checking user lists and changing passwords while he's trapped in there. __________________ My book My other book My spirit animal

02-09-2012, 07:19 PM	#11
ZenGum Doctor Wtf Join Date: Oct 2007 Location: Badelaide, Baustralia Posts: 12,861	FFF's method is clearly easier. __________________ Shut up and hug. MoreThanPretty, Nov 5, 2008. Just because I'm nominally polite, does not make me a pussy. Sundae Girl.

02-09-2012, 08:35 PM	#12
Pete Zicato Turns out my CRS is a symptom of TMB. Join Date: Jan 2010 Location: Chicago suburbs Posts: 2,916	I'm not really up on security issues, but it would help to know what kind of systems/network we're talking about. __________________ Talk nerdy to me.

02-09-2012, 09:12 PM	#13
monster I hear them call the tide Join Date: Dec 2005 Location: Perpetual Chaos Posts: 30,852	You are probably fucked unless they have absolutely no idea they are about to be let go. In which case, the long exit interview and security guard accompaniment can buy time to check/reset the obvious. And even then, if they did bad things, they probably also have if-I-am-caught-revenge-things-set-up. If there is no severance pay, perhaps you could negotiate something? Consult with their replacement. You do have a replacement, right? __________________ The most difficult thing is the decision to act, the rest is merely tenacity Amelia Earhart

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)