Penetration Testing mailing list archives
Re: Handling Sysads resignation/termination
From: Irvin Temp <znah_irvin () yahoo com>
Date: Thu, 4 Aug 2005 06:13:10 -0700 (PDT)
Asking a systems adminstrator to certify that he has not installed any time bombs on a system is unreasonable,
Would like to clarify this. The scenario is that the consultant will be the one to "certify" to management that the systems has free from timebombs. Certify DOES NOT necessarily mean signing a document and 100% ensuring there are no timebombs. What is important that due diligince is given to ensure that the system has been inspected for such programs.
The administrator cannot certify that a product has not come with a "trojan" already installed, and for the most part, may be completely unaware of any penetrations of the existing network.
Exactly the reason for a proper procdure for an exit of a systems administrators. This is to facilitate the proper turnover of critical system. This is not primarily to scrutinize the administrator but infact to protect him and the intellectual property and integrity of the company systems. It does not follow that when a timebomb has been found on his servers, it would immediately mean that he planted it. if his pc was hack and someone has planted a trojan on it without his knowledge, then it would protect him by clarifying things. The idea that he was a hacked or the findings was an honest mistake will always be considered! Appreciate your inputs. Again, i would like to clarify things. The administrator is not forced to sign anything or swore that the system is in trojan free. This is to facilitate the proper transfer of responsibility or company asset. In the same way that he is requested to return company provided resources such as access cards, laptops/pdas, smart cards, keys to lockers etc etc.. and to assess the conditions of this resources upon returning. Thank you! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- Re: Handling Sysads resignation/termination, (continued)
- Re: Handling Sysads resignation/termination Michael Hammer (Aug 04)
- RE: Handling Sysads resignation/termination Erin Carroll (Aug 04)
- RE: Handling Sysads resignation/termination Michael Starr (Aug 03)
- RE: Handling Sysads resignation/termination Solomon (Aug 03)
- RE: Handling Sysads resignation/termination Irvin Temp (Aug 04)
- Message not available
- RE: Handling Sysads resignation/termination Mark Teicher (Aug 04)
- Re: Handling Sysads resignation/termination Irvin Temp (Aug 04)