Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: How to terminate network administrator's employment?

How to terminate network administrator's employment? 9 years 1 month ago #23492

  • KiLLaBeE
  • KiLLaBeE's Avatar
  • Offline
  • Expert Member
  • Posts: 466
  • Karma: 0
How do you go about terminating the employment of a network administrator, or anyone with excessive privileges on the network (i.e: domain admin, enterprise admin, etc)? Wouldn't you be afraid that the former employee would attempt to do harm to the network upon leaving? After all, the the former employee would have deep knowledge of the network's architecture and security. I guess what I'm asking is, what actions would you take after the employee was terminated? Would you re-architect part of the network, change passwords to the major systems, and change the security policy of the network? All that work just because there's a chance that the employee may do harm in the background?

What should be the process for hiring a network administrator? Beside the typical background check and drug test, should other tests/checks be done to ensure that the individual can be trusted?

Share your ideas

Thanks!

K
The administrator has disabled public write access.

Re: How to terminate network administrator's employment? 9 years 1 month ago #23496

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
This topic is covered under the CISSP CBK.

Hiring, you should do a full background check, including criminal background checks for things like fraud, computer crime, etc...

Firing, you should escort them off the premessis once they are told that they are fired, you shouldn't make them work their notice because during that time they could do anything. It should be a case of your fired and have security escort them to their desk to collect belonging (not touching a computer system) and then escort through the door.

You then need to perform an audit of all your systems against your security policies, check all user accounts are accounted for and have the correct permissions for their roles. Wireless, change any keys, disable all usernames for that user. All Admin accounts need to have the password changed immediately.

All admins should have their own users for admin tasks with their own passwords that only they know. This is important for auditing purpose so you know who has done what and every action can be pinpointed to an indicidual. The Administrator account would have a really really difficult password that no-one would ever remember once its configured and this should then be locked in a safe that only a few individuals can get to. This is then only for emmergency but will probably never be used again since individual admins have their own accounts.

The key is probably to start with changing admin passwords and disabling all associated accounts with that user. Then, look at all entry points into the systems (i.e. firewalls, VPN's, secure web services accessible from external) and audit them and ensure no username/passwords are associated with that user. Once done, start with an internal audit to ensure no backdoors have been left.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: How to terminate network administrator's employment? 9 years 1 month ago #23505

  • KiLLaBeE
  • KiLLaBeE's Avatar
  • Offline
  • Expert Member
  • Posts: 466
  • Karma: 0
Wow!

I'm guessing terminating a network administrator's (or anyone with excessive privileges isn't something you frequently want to do).

Would you say that the above practices are actually used in the real world? With IT projects being presented so often, it would seem difficult to keep up with the projects AND to do all that auditing. It would also appear to be a stab in the back of an employee if the minute he presented his notice for you to terminate him right there because of security reasons.

Thanks again

-K
The administrator has disabled public write access.

Re: How to terminate network administrator's employment? 9 years 1 month ago #23506

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Suppose it depends on the individual really. If they are being sacked, then i would probably do the above procedure because if documentation is upto date, then it should be quite easy to spot something that isn't configured correctly.

Also, depends on organisation. A really large Bank for example would probably do that procedure to the letter. A small solicitors may not. Depends what is at stake.

I would say that the key is to ensure that all administrators have individual accounts that they use and no shared ones. Then disable them upon leaving. If you speak with audit then you will probably find that you need to perform audits on your IT systems every year or so anyhow so its good practice. Also, up-to-date documentation which will state the accounts and priviledge so you can spot if someones priviledge is escalated.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.
Time to create page: 0.079 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup