Outgoing IT Staff: Security Concerns

anonymous · 02-08-2012, 09:56 PM

Let's say you're "letting go" a member of an IT department that has had free reign, total access to your network for several years.

If the situation is "not on good terms" what due dilligence can you take to protect your business interests from possible disruption?

footfootfoot · 02-08-2012, 10:07 PM

Whatever you do, no fingerprints and make it look like a robbery or suicide.

regular.joe · 02-09-2012, 09:56 PM

Quote:

Originally Posted by footfootfoot

Whatever you do, no fingerprints and make it look like a robbery or suicide.

10 extra points if you can make it look like a robbery and a suicide.

Gravdigr · 02-12-2012, 05:01 PM

Quote:

Originally Posted by footfootfoot

Whatever you do, no fingerprints and make it look like a robbery or suicide.

And be sure to put the body at the bottom of the stack of dead hobos.

Nobody searches all the way to the bottom.

Undertoad · 02-08-2012, 10:14 PM

Value integrity when hiring.

Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume?

huh.

BigV · 02-08-2012, 10:41 PM

Quote:

Originally Posted by Undertoad

Value integrity when hiring.

Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume?

huh.

for some folks, it's all about the benjamins

zippyt · 02-08-2012, 10:15 PM

got to walmart , see if you can find some microwave pork rinds,
last thing as yer leaving ( or makeing your escape ) pitch them in the break room Microwave and set it for 30 minets ,
they will have Haz mat teams cleaning up for days !!!!

mw451 · 02-14-2012, 05:03 PM

I wish I had overcooked fish in the Microwave at work.

Quote:

Originally Posted by zippyt

got to walmart , see if you can find some microwave pork rinds,
last thing as yer leaving ( or makeing your escape ) pitch them in the break room Microwave and set it for 30 minets ,
they will have Haz mat teams cleaning up for days !!!!

bluecuracao · 02-18-2012, 08:29 PM

Quote:

Originally Posted by mw451

I wish I had overcooked fish in the Microwave at work.

Heh heh.

I might've wished that the chicken wrap I'd left behind was shrimp instead...but I don't think the boss ever used the fridge, so the wrong people would have been affected.

As it was, the wrap was probably a tasty shade of green-blue by the time that fridge got cleaned out.

footfootfoot · 02-08-2012, 10:19 PM

That beats a top-decker by an order of magnitude.

ZenGum · 02-08-2012, 11:31 PM

Zip, I think the situation is the other way around.

I suspect this is UT's old boss who has finally figured out that the reason the data keeps getting small random changes and sending naughty emails to the boss is to do with a few trojans and backdoors UT left in the system before he was dumped.

The obvious solution is to give UT a "consultancy" to "refresh" the system. I think $100,000 would be industry standard.

glatt · 02-09-2012, 07:50 AM

I'm not in IT, so I have no idea, but I'd guess that there's very little you can do to be sure everything remains secure.

This person could have taken a list of all accounts and passwords home. Even if you disable their account, they could access the network under a different one. Is remote access allowed now, or do you have to be on site to gain access to the system? If remote access is allowed, I don't see how you can guard against them using another account to get in. You just have to trust that their professionalism and fear of legal problems will keep them from doing anything to hurt you.

Clodfobble · 02-09-2012, 07:44 AM

Mr. Clod has had to deal with this situation before. I'll ask him when he wakes up.

Clodfobble · 02-09-2012, 08:36 AM

Mr. Clod's response was, "Ooh... yeah. They're probably in trouble."

He noted that it really depends heavily on how your systems are set up, but this guy probably has at least a dozen extra logins to various servers, not out of malicious forethought but because they are a convenience when doing maintenance, etc. Worst-case scenario, you could go nuclear and delete every login on every machine, change the root passwords, and then rebuild all the logins from the ground up for legitimate users. But that's kind of a nightmare. He said the most important thing is to make his "post interview" (that thing where HR detains you in the office with paperwork, and asks you to give an honest appraisal of your manager, coworkers, etc., now that you have nothing to lose) last a really, really long time, and have everyone feverishly checking user lists and changing passwords while he's trapped in there.

ZenGum · 02-09-2012, 07:19 PM

FFF's method is clearly easier.

02-08-2012, 09:56 PM	#1
anonymous Operations Operative Join Date: Feb 2004 Location: in hiding Posts: 578	Outgoing IT Staff: Security Concerns Let's say you're "letting go" a member of an IT department that has had free reign, total access to your network for several years. If the situation is "not on good terms" what due dilligence can you take to protect your business interests from possible disruption?

02-08-2012, 10:07 PM	#2
footfootfoot To shreds, you say? Join Date: Aug 2004 Location: in the house and on the street-how many, many feet we meet! Posts: 18,449	Whatever you do, no fingerprints and make it look like a robbery or suicide. __________________ The internet is a hateful stew of vomit you can never take completely seriously. - Her Fobs

02-08-2012, 10:15 PM	#7
zippyt LONG LIVE KING ZIPPY! per Feetz Join Date: Mar 2003 Location: Arkansas Posts: 7,661	got to walmart , see if you can find some microwave pork rinds, last thing as yer leaving ( or makeing your escape ) pitch them in the break room Microwave and set it for 30 minets , they will have Haz mat teams cleaning up for days !!!! __________________ "Success is getting what you want. Happiness is wanting what you get. " Brother Dave Gardner

02-08-2012, 10:19 PM	#10
footfootfoot To shreds, you say? Join Date: Aug 2004 Location: in the house and on the street-how many, many feet we meet! Posts: 18,449	That beats a top-decker by an order of magnitude. __________________ The internet is a hateful stew of vomit you can never take completely seriously. - Her Fobs

02-08-2012, 11:31 PM	#11
ZenGum Doctor Wtf Join Date: Oct 2007 Location: Badelaide, Baustralia Posts: 12,861	Zip, I think the situation is the other way around. I suspect this is UT's old boss who has finally figured out that the reason the data keeps getting small random changes and sending naughty emails to the boss is to do with a few trojans and backdoors UT left in the system before he was dumped. The obvious solution is to give UT a "consultancy" to "refresh" the system. I think $100,000 would be industry standard. __________________ Shut up and hug. MoreThanPretty, Nov 5, 2008. Just because I'm nominally polite, does not make me a pussy. Sundae Girl.

02-08-2012, 10:14 PM	#5
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	Value integrity when hiring. Oh you say nobody hires IT people on that basis? You say they only hire on the basis of which technology keywords people have on their resume? huh.

02-09-2012, 07:50 AM	#12
glatt ™ Join Date: Jul 2003 Location: Arlington, VA Posts: 27,717	I'm not in IT, so I have no idea, but I'd guess that there's very little you can do to be sure everything remains secure. This person could have taken a list of all accounts and passwords home. Even if you disable their account, they could access the network under a different one. Is remote access allowed now, or do you have to be on site to gain access to the system? If remote access is allowed, I don't see how you can guard against them using another account to get in. You just have to trust that their professionalism and fear of legal problems will keep them from doing anything to hurt you.

02-09-2012, 07:44 AM	#13
Clodfobble UNDER CONDITIONAL MITIGATION Join Date: Mar 2004 Location: Austin, TX Posts: 20,012	Mr. Clod has had to deal with this situation before. I'll ask him when he wakes up. __________________ My book My other book My spirit animal

02-09-2012, 08:36 AM	#14
Clodfobble UNDER CONDITIONAL MITIGATION Join Date: Mar 2004 Location: Austin, TX Posts: 20,012	Mr. Clod's response was, "Ooh... yeah. They're probably in trouble." He noted that it really depends heavily on how your systems are set up, but this guy probably has at least a dozen extra logins to various servers, not out of malicious forethought but because they are a convenience when doing maintenance, etc. Worst-case scenario, you could go nuclear and delete every login on every machine, change the root passwords, and then rebuild all the logins from the ground up for legitimate users. But that's kind of a nightmare. He said the most important thing is to make his "post interview" (that thing where HR detains you in the office with paperwork, and asks you to give an honest appraisal of your manager, coworkers, etc., now that you have nothing to lose) last a really, really long time, and have everyone feverishly checking user lists and changing passwords while he's trapped in there. __________________ My book My other book My spirit animal

02-09-2012, 07:19 PM	#15
ZenGum Doctor Wtf Join Date: Oct 2007 Location: Badelaide, Baustralia Posts: 12,861	FFF's method is clearly easier. __________________ Shut up and hug. MoreThanPretty, Nov 5, 2008. Just because I'm nominally polite, does not make me a pussy. Sundae Girl.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)