We are working on something called "The Button", which is nothing but small script that activates a series of scripts that change all root, local and domain administrator passwords on our Unix and Windows servers when run. We also have to set up a script that will change the local administrator password on all the desktops and laptops, but that script has to run several times due to the fact that we have a mobile sales force. "The Button" can only be activated by the CTO and will require all administrators to meet with the CTO after the scripts run to get the new passwords. I know that there are solutions out there that do the same thing, but why pay for someone to put a GUI on a scripted process.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cael Abal Sent: Thursday, February 12, 2004 11:14 PM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Removing FIred admins -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael T. Harding wrote: | Anybody know of a checklist or guide to removing access across the | entire organization for a "retired" admin? | Mixed environment including Linux, Unix, Windows, Cisco, Nortel Wow. Nightmare. I would expect this is exactly what you didn't want to hear, but you're in an awfully scary situation. Imagine every sneaky thing a cracker could do -- subvert your IDS, implement Ken Thompson-esque login/compiler bugs, etc... And then consider that they might've happened any time in the past few years and have by now completely infiltrated your backup media. Good luck. You're really at the mercy of your (ex) admin. All you can hope to do is take care of the obvious stuff -- disable his accounts, change the passwords of any shared accounts / devices, etc. The alternative (if you can call it that) is to treat your network as though it was compromised and go from there. One choice is relatively inexpensive, the other will result in a network you might be able to trust. take care, Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFALE8kR2vQ2HfQHfsRAiolAJ41aFarNC7bLN6v053o/aiTrvqJ9ACg13u5 43iaIpkz0zjXMbpj0wJSrTE= =YPoR -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to [EMAIL PROTECTED] and destroy all electronic and paper copies of this e-mail. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
