Question
An unfortunate effect of the present economic climate is that workers are being laid off or made redundant. Sad though this may be, IT managers and system administrators have a duty to ensure the continued security of their organization’s systems and must take suitable steps following the termination of employees.
The following security suggestions are not meant to be exhaustive and may not all apply to every customer, but we suggest that they be reviewed as a minimum set of reasonable precautions from the perspective of Gordano’s products. Add any other items that you identify as specific to your operation.
Answer
- After terminating an employee’s contract (worker), do not give them access to their desk, PC, laptop or any company-owned handheld devices unless they are fully supervised and the network connection has been disconnected from the unit.
- Immediately terminate their accounts by changing the password. If the worker was an administrator, inspect the list of administrators carefully. Verify that any users with administrative privileges are properly authorized. Also check GMS Communication Server to ensure there are no unauthorized users with moderator or other privileges.
- Take a new backup immediately. Verify that your back-up tapes are where they should be and function correctly. Check that logs and recovery files are being mailed to the correct addresses.
- Change all employee passwords where they have access to the organization’s IT systems. Remember that an administrator may have access to accounts not in their own name (e.g. root access on Unix/Linux systems, administrator accounts on Windows systems). An administrator may also have a hard copy or plain-text copy of all user accounts and passwords, so you may need to change everyone’s passwords.
- Change passcodes and physical locks in the building, especially those for the computer rooms.
- Lock down all systems to which the worker had access. Review your intrusion detection system to confirm robustness. Double-check that your systems are hardened against attack. Consider setting a ‘trip wire’ to send automated alerts to the administrator if system anomalies occur.
- Check account privileges, looking for anomalies. Particularly examine the
group and validate the entries, especially anyone possessing super user privileges. For example, the ?backup? account may have been given administrator’s rights! - Check your firewall for any special port access to your systems (such as from the worker’s home) and change firewall passwords. Check for updates to your firewall.
- Change your VPN’s shared secret and verify wireless network authentication.
- Change your pcAnywhere/VNC passwords and remove the worker if necessary. Change the ports used, too.
- Make sure your virus protection is up-to-date, and make sure that you have all the latest patches for your server Operating System.
- Brief all staff on when and to whom they should and should not divulge information.
Keywords:leaves administrator root security accounts password