[Full-Disclosure] Removing FIred admins
Cael Abal
lists2 at onryou.com
Fri Feb 13 04:14:28 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael T. Harding wrote:
| Anybody know of a checklist or guide to removing access across the entire
| organization for a "retired" admin?
| Mixed environment including Linux, Unix, Windows, Cisco, Nortel
Wow. Nightmare.
I would expect this is exactly what you didn't want to hear, but you're
in an awfully scary situation. Imagine every sneaky thing a cracker
could do -- subvert your IDS, implement Ken Thompson-esque
login/compiler bugs, etc... And then consider that they might've
happened any time in the past few years and have by now completely
infiltrated your backup media.
Good luck. You're really at the mercy of your (ex) admin. All you can
hope to do is take care of the obvious stuff -- disable his accounts,
change the passwords of any shared accounts / devices, etc.
The alternative (if you can call it that) is to treat your network as
though it was compromised and go from there.
One choice is relatively inexpensive, the other will result in a network
you might be able to trust.
take care,
Cael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQFALE8kR2vQ2HfQHfsRAiolAJ41aFarNC7bLN6v053o/aiTrvqJ9ACg13u5
43iaIpkz0zjXMbpj0wJSrTE=
=YPoR
-----END PGP SIGNATURE-----
Full-Disclosure is hosted and sponsored by Secunia.