RE: Removing FIred admins

["James Patterson Wicks" <pwicks () oxygen com>]

We are working on something called "The Button", which is nothing but
small script that activates a series of scripts that change all root,
local and domain administrator passwords on our Unix and Windows servers
when run.  We also have to set up a script that will change the local
administrator password on all the desktops and laptops, but that script
has to run several times due to the fact that we have a mobile sales
force.  "The Button" can only be activated by the CTO and will require
all administrators to meet with the CTO after the scripts run to get the
new passwords.  I know that there are solutions out there that do the
same thing, but why pay for someone to put a GUI on a scripted process.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Cael Abal
Sent: Thursday, February 12, 2004 11:14 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Removing FIred admins

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael T. Harding wrote:

| Anybody know of a checklist or guide to removing access across the 
| entire organization for a "retired" admin?
| Mixed environment including Linux, Unix, Windows, Cisco, Nortel

Wow.  Nightmare.

I would expect this is exactly what you didn't want to hear, but you're
in an awfully scary situation.  Imagine every sneaky thing a cracker
could do -- subvert your IDS, implement Ken Thompson-esque
login/compiler bugs, etc... And then consider that they might've
happened any time in the past few years and have by now completely
infiltrated your backup media.

Good luck.  You're really at the mercy of your (ex) admin.  All you can
hope to do is take care of the obvious stuff -- disable his accounts,
change the passwords of any shared accounts / devices, etc.

The alternative (if you can call it that) is to treat your network as
though it was compromised and go from there.

One choice is relatively inexpensive, the other will result in a network
you might be able to trust.

take care,

Cael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFALE8kR2vQ2HfQHfsRAiolAJ41aFarNC7bLN6v053o/aiTrvqJ9ACg13u5
43iaIpkz0zjXMbpj0wJSrTE=
=YPoR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


This e-mail is the property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is 
addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. 
Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient 
is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to 
postmaster () oxygen com and destroy all electronic and paper copies of this e-mail.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html