Full Disclosure mailing list archives
RE: Removing FIred admins
From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Fri, 13 Feb 2004 00:29:25 -0500
We are working on something called "The Button", which is nothing but a small script that activates a series of scripts that change all root, local and domain administrator passwords on our Unix and Windows servers when run. We also have to set up a script that will change the local administrator password on all the desktops and laptops, but that script has to run several times due to the fact that we have a mobile sales force.

"The Button" can only be activated by the CTO and will require all administrators to meet with the CTO after the scripts run to get the new passwords.

I know that there are solutions out there that do the same thing, but why pay for someone to put a GUI on a scripted process.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Cael Abal
Sent: Thursday, February 12, 2004 11:14 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Removing FIred admins

Michael T. Harding wrote:

| Anybody know of a checklist or guide to removing access across the
| entire organization for a "retired" admin?
| Mixed environment including Linux, Unix, Windows, Cisco, Nortel

Wow. Nightmare.

I would expect this is exactly what you didn't want to hear, but you're in an awfully scary situation. Imagine every sneaky thing a cracker could do -- subvert your IDS, implement Ken Thompson-esque login/compiler bugs, etc... And then consider that they might've happened any time in the past few years and have by now completely infiltrated your backup media.

Good luck. You're really at the mercy of your (ex) admin. All you can hope to do is take care of the obvious stuff -- disable his accounts, change the passwords of any shared accounts / devices, etc. The alternative (if you can call it that) is to treat your network as though it was compromised and go from there.

One choice is relatively inexpensive, the other will result in a network you might be able to trust.

take care,

Cael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
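
The reply above notes that the desktop/laptop rotation has to be run several times because some machines are off the network. The following is an added example, not code from the thread or from "The Button" itself, showing one way to track which hosts still hold the old password across repeated passes. The host names are constructed, and `set_password` is a hypothetical callable standing in for whatever mechanism actually changes the password.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def new_password(length=20):
    """Generate a random password from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotation_pass(pending, set_password, vault):
    """Try each pending host once; return the hosts that are still pending.

    set_password(host, password) -> bool is a hypothetical callable wrapping
    the real change mechanism. A new password is recorded in `vault` only
    after the host confirms the change, and each host gets its own value.
    """
    still_pending = []
    for host in pending:
        candidate = new_password()
        try:
            ok = set_password(host, candidate)
        except OSError:  # unreachable host, e.g. a laptop on the road
            ok = False
        if ok:
            vault[host] = candidate
        else:
            still_pending.append(host)
    return still_pending

def run_until_done(hosts, set_password, max_passes=5):
    """Repeat passes until every host is rotated or max_passes is reached."""
    vault, pending, passes = {}, list(hosts), 0
    while pending and passes < max_passes:
        pending = rotation_pass(pending, set_password, vault)
        passes += 1
    return vault, pending, passes

def make_fake_setter(offline_for):
    """Constructed stand-in: host fails for its first N attempts."""
    attempts = {}
    def setter(host, password):
        attempts[host] = attempts.get(host, 0) + 1
        if attempts[host] <= offline_for.get(host, 0):
            raise ConnectionError(f"{host} unreachable")
        return True
    return setter

if __name__ == "__main__":
    hosts = ["unix01", "win-dc01", "laptop-sales-07"]  # constructed names
    vault, pending, passes = run_until_done(
        hosts, make_fake_setter({"laptop-sales-07": 2}))
    print(f"rotated={sorted(vault)} pending={pending} passes={passes}")
```

Whatever remains in `pending` after the last pass is the list of machines that still accept the old administrator password.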