Telecom and Logistics Associates 

new6.gif (1031 bytes) TLAalert    Security Service 
Translate this page from:  publication: Christian ALT 
  Save Time and Money

TLAnews: Security NEWs Service

 27.6.2000 SecurityHow to protect your system if you're firing a network administrator
More and more companies request help when they decide to fire one of their system administrator or network administrator. How should we proceed and what should we take care of are the main worries for company managers.

En français: Comment protèger son système si on licencie l'administrateur
 De plus en plus d'entreprise nous demande de l'aide lorsqu'elles décident de se séparer de leur administrateur système ou de leur responsable réseaux. Comment devons nous procèder et à quoi devons nous faire attention sont les préoccupations essentielles des directions d'entreprise.

Home
Consulting
Tech Doc
FW-1 FAQ
Training
Products
TLAnews
Archive
Advertising
 

TLAnews.com
Information for security concerned people

 
Register to TLAnews letter
 

 

TLA
Network and Securiy company

 

 

 

 

 

 
English version

The termination must be performed on on pay and leave basis.

Change everyone's passwords so he/she can't use them to break into the system.

Verify that your backup tapes are where they should be; make sure the information has been saved correctly and the tape is functioning properly.

Do a new backup.

Lock down every system that person had access to on the day of termination.

Have a new network administrator ready to step into the open position immediately.

Go up on the system and check user names and passwords, looking for anything unusual.

Make sure every logon has a password for it.

Lock down all the inside doors, such as the file servers, application servers and mail servers.

Look for backdoors on the system, such as Back Orifice on Windows 2000 or Windows NT

Make sure there aren't any known vulnerabilities that haven't been patched - the administrator could have left those holes behind so he could get back in.

Strengthen your intrusion-detection system.

Set a trip wire - software that alerts the administrator to system anomalies, such as the size of a file changing.
Résumé en français

Le licenciement doit s'effectuer avec effet immédiat pour ne pas laisser d'opportunité à l'administrateur de faire quopi que ce soit au système.

Changer les mots de passe de chacun pour qu'il ou elle ne puisse les utiliser pour entrer dans le système.

Verifiez que les bandes de sauvegarde se trouvent où  elles doivent être, que l'information a été sauvegardée et que les bandes fonctionnent correctement

Faites un nouveau backup

Le jour du départ de l'administrateur, faites en sorte qu'il n'ait plus d'accès aux systèmes

Il faut avoir un nouvel administrateur prêt à prendre directement ce poste.

Allez sur le système et vérifier qu'il n'y a rien d'anormal

Verifiez que chaque compte dispose d'un mot de passe.

Verifiez qu'il n'y a pas de trojan, comme Back Orifice sous Windows 2000 ou windows NT

Verifiez  qu'il n'y a pas de vulnérabilité qui ne serait pas "patchée" - L'administrateur pourrait les avoir laissé de manière à pouvoir pénètrer le système.

Intensifiez vos contrôles d'intrusion

Mettez en place un test d'intégrité, qui alertera l'administrateur en cas d'anomalies

This list could be much longer depending on the case.

Same general reminder
Never have a single person administer a system or a network. In case of small companies you can always ousource part of those tasks

Keep servers in a secured area.

Rotate backup tapes - don't keep using the same one over and over again.

Stay up-to-date on software patches.

Scan e-mail to see what's going out of the company, double-check backup tapes and have someone else do the backups if that person is the one in question.

Make sure critical IS workers are bonded.


 
Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: juin 27, 2000 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.