Educause Security Discussion mailing list archives
Re: Access and the Terminated Employee
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 3 Mar 2011 15:37:51 -0500
On Thu, 03 Mar 2011 12:31:07 EST, "Sarazen, Daniel" said:
> Is there a benefit in allowing an employee who's on vacation, and won't be coming back, to retain their system access?
True story (admittedly from 20 years ago, when things were much different). I was already in friendly "one foot out the door" mode at a previous employer, and I had promised the director that since he had given me my start in computing, I wasn't going to leave them hanging in the breeze (as everybody involved agreed my departure was going to be a major brain drain, as I was like 1/3 of the sysadmin staff at the time).

So an older NTP daemon running V2 on one of the boxes I used to admin went bonkers when it saw NTP V3 packets, and started spewing 4 or 5 packets a second instead of one a minute, which gave a much slower machine several states away indigestion. Fortunately, I still had email access so I saw the notice, and I still had network and root access, so I was able to fix the problem.

http://www.atm.tut.fi/list-archive/nanog/msg13253.html

Of course, the *real* problem was that it was a small (3-4 people) sysadmin staff at the time, and insufficient cross-training so one person's departure didn't cause a brain drain. Although I left docs on everything I could think of, I was still getting the occasional "Hey, how come xyz was set up like this?" questions via e-mail for several months.

So it ends up being a question of risk management - which are you more likely to get bit by? The employee who's on his way out on a (presumably) amicable basis suddenly going rogue(*), or one of his systems blowing up and you need help fixing it?

(Probably totally different answers if your shop has 3 sysadmins versus 30, as I mentioned above, and whether you have a paranoid person in Legal and/or Risk Management :)

(*) An important issue there is the chances the employee left a back door that they'd still have access even if you thought it was revoked. Remember said backdoor would be planted while they still have access...