| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lists2 at onryou.com (Cael Abal) Subject: Removing FIred admins -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael T. Harding wrote: | Anybody know of a checklist or guide to removing access across the entire | organization for a "retired" admin? | Mixed environment including Linux, Unix, Windows, Cisco, Nortel Wow. Nightmare. I would expect this is exactly what you didn't want to hear, but you're in an awfully scary situation. Imagine every sneaky thing a cracker could do -- subvert your IDS, implement Ken Thompson-esque login/compiler bugs, etc... And then consider that they might've happened any time in the past few years and have by now completely infiltrated your backup media. Good luck. You're really at the mercy of your (ex) admin. All you can hope to do is take care of the obvious stuff -- disable his accounts, change the passwords of any shared accounts / devices, etc. The alternative (if you can call it that) is to treat your network as though it was compromised and go from there. One choice is relatively inexpensive, the other will result in a network you might be able to trust. take care, Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFALE8kR2vQ2HfQHfsRAiolAJ41aFarNC7bLN6v053o/aiTrvqJ9ACg13u5 43iaIpkz0zjXMbpj0wJSrTE= =YPoR -----END PGP SIGNATURE-----
Powered by blists - more mailing lists