lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: besh at gmx.net (Benjamin Schweizer)
Subject: Removing FIred admins

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker Tanger wrote:

| If you have to assume being compromised, re-install and
| re-configure all your systems starting from scratch and clean media
|  (boot from CD, partition harddisc, format HD, install base system,
|  ...) - and start with your most (business) critical systems. Have
| this done by an admin you trust.

Keep in mind that the "retired" admin knows all weaknesses, he knows
if there is an ids, insecure protocols, what system compromises hurt
most, he knows the social network and, may be he knows how to get
phsyical access... paranoia?

I think you need to do some risk management. There are some steps to
keep in mind (from a security-point of view), I'd follow this order:

1. change the logins
2. ensure that he has no more physical access
3. inform his colleques (protect against social engineering)
4. check your logs / increase the log level / install additional ids
5. reinstall the affected systems from scratch (run an audit if not
possible)
6. fix security holes that he could/should know
7. ensure that your other admins are upright (be fair)
8. watch your competitors if he sold information
9. break his password, if you have no access to your data
10. prepare for the future

You should ask yourself the questions "how much can it cost in the
worst case?", "will we survive it?" and "is that realistic?". Costs
vs. security.



regards

- --
http://www.redsheep.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFALPMs4Lmwv7NFcKMRAmbTAJ9xe4CAYog7oVonsoZjMnzDfa8axgCgzB+I
MrAZ860jkPt8C15iBleH2/I=
=cCzI
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ