Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Removing FIred admins

From: Cael Abal <lists2 () onryou com>
Date: Thu, 12 Feb 2004 23:14:28 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael T. Harding wrote:

| Anybody know of a checklist or guide to removing access across the entire
| organization for a "retired" admin?
| Mixed environment including Linux, Unix, Windows, Cisco, Nortel

Wow.  Nightmare.

I would expect this is exactly what you didn't want to hear, but you're
in an awfully scary situation.  Imagine every sneaky thing a cracker
could do -- subvert your IDS, implement Ken Thompson-esque
login/compiler bugs, etc... And then consider that they might've
happened any time in the past few years and have by now completely
infiltrated your backup media.

Good luck.  You're really at the mercy of your (ex) admin.  All you can
hope to do is take care of the obvious stuff -- disable his accounts,
change the passwords of any shared accounts / devices, etc.

The alternative (if you can call it that) is to treat your network as
though it was compromised and go from there.

One choice is relatively inexpensive, the other will result in a network
you might be able to trust.

take care,

Cael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFALE8kR2vQ2HfQHfsRAiolAJ41aFarNC7bLN6v053o/aiTrvqJ9ACg13u5
43iaIpkz0zjXMbpj0wJSrTE=
=YPoR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: