Greetings! On Thu, 12 Feb 2004 23:14:28 -0500 Cael Abal <[EMAIL PROTECTED]> wrote: > Michael T. Harding wrote: > | Anybody know of a checklist or guide to removing access across the > | entire organization for a "retired" admin? > | Mixed environment including Linux, Unix, Windows, Cisco, Nortel > > Wow. Nightmare.
If I get the wording right, the admin and company did not part in good terms? Then it really has potential for a real nightmare - especially if the admin had the time AND MOOD to prepare for that. If he did not have the mood to take revenge, your main problem could be that he simply did not care to tell you the passwords, so you can't log in. Bad thing if you don't have config backups... If he's likely to take revenge, act. Fast. The more time he had to prepare, the worse it can become - especiall if he planted a time bomb, that'll affect you in a year or so when e.g. the old, clean backups are long overwritten. If you have to assume being compromised, re-install and re-configure all your systems starting from scratch and clean media (boot from CD, partition harddisc, format HD, install base system, ...) - and start with your most (business) critical systems. Have this done by an admin you trust. Bye Volker Tanger ITK-Security _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
