RE: Handling Sysads resignation/termination

[Mark Teicher <mht3 () earthlink net>]

DISCLAIMER #1: Hypothetical situation, may or may not have occurred 
in real life

Has anyone observed or heard of a former employer make up stories, 
issues and sending corporate lawyers after the former employee for 
"what is in their head?" and accuse them without merit of contacting 
customers, ideas, methodologies, etc.  Sounds a bit too Johnny 
Mneumonicish doesn't it.

These type of companies should conduct a thorough investigation (i.e. 
provide transcripts of the conversations, invoices, retrieving the 
entire security focus chat room conversation within context ) 
Sometimes former employees like to bring out the threaten by attorney 
ploy without really looking into the situation.  Anyways for those 
type of companies, I am sure they have much better "FOCUS" management 
items to complete (i.e. write a thorough business plan in detail, 
including original process/procedures (no leveraging of previous 
material, other words from scratch (HINT: They sell books on how to 
do this) how to build a boutique consulting practice defining 
realistic sales cycles and revenue streams without running into all 
the same hurdles as their defined competitors and in less time. HINT 
#2: Use the Web to research previous boutique consulting practices 
that have succeeded, failed or been acquired.

HINT: Smoke and mirrors only goes half way here and attempting to 
divert attention to the Johnny Mneumonic/former employee example used 
above only lasts so long.. :)

*DISCLAIMER #2: For those imaginary legal type folks from the big "O" 
who are monitoring my various rantings and ravings or who are being 
fed information from their resources ("move along, nothing to see 
here").. Time to take my meds...

At 12:04 AM 8/4/2005, Solomon wrote:
> I must agree with Michael.  We are all pretty much honest and are very
> dedicated to their work and some would like nothing more than to pass there
> "work" on to the next person.
> Lavel
>
> There are many but here is one, an honest brother a widows son.
>
> -----Original Message-----
> From: Michael Starr [mailto:northstarr () northstarr org]
> Sent: Tuesday, August 02, 2005 11:49 PM
> To: 'Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]'; 'Irvin Temp'
> Cc: pen-test () securityfocus com
> Subject: RE: Handling Sysads resignation/termination
>
> We all need to remember that destroying a former employer's (or anyone
> else's) property is a crime -- and that we're all supposed to have good
> backup procedures and disaster recovery plans.  We all council our clients
> to that effect, right? We have the recourse of the courts available to us
> when an administrator (or any other employee) behaves badly, if necessary.
> While some (I won't say paranoid) folks feel they can't trust the
> administrators who've served them well, the fact of the matter is that in
> most cases (though not in the case of a retiring admin) the person is going
> to be looking for another job.  In the network administration field, neither
> a criminal record, nor "I trashed my last employer's network because they
> let me go" look very good on a resume.  If a systems administrator doesn't
> have their reputation, they have nothing.
>
> I have to say that I have been called in to recover passwords on a network
> where an admin quit, changed all of the administrator passwords AND the user
> passwords, and refused to turn them over.  That person was sued for LOTS of
> damages, including my hours in recovering access to the network.
> Additionally, he didn't work in the industry, as far as I know, ever again.
> His bad behavior is the exception, and not the rule.
>
> I will also say that most systems administrators are at least as honest and
> ethical as the average CPA, or attorney -- even when they've been
> terminated.  Finally, it should go without saying that there is a secondary
> employee who knows the network well, and can review and report on the status
> and condition of the system at periodic intervals, both pre and post
> administrator termination.
>
> As with anything else, proper prevention outweighs correction by a mile.
> There is a method for terminating an employee -- admin or otherwise, and
> there is a reason for that.  There are also methods of putting checks and
> balances in place long before termination becomes an issue, and there are
> reasons for that as well.  For example, when an admin employee is ready to
> retire, their network access should be curtailed immediately, and their
> duties should be cut back accordingly.  Often, it's best to pay them NOT to
> come in to work for a few weeks.
>
> I bet the SANS reading room has information on this topic too.
>
> That's my .02
> Northstarr
>
> -----Original Message-----
> From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> [mailto:sbradcpa () pacbell net]
> Sent: Tuesday, August 02, 2005 8:40 PM
> To: Irvin Temp
> Cc: pen-test () securityfocus com
> Subject: Re: Handling Sysads resignation/termination
>
> What's he going to do? Say yes? Then what?
>
>
> Anyone else besides me thinking of a employment leaving documentation
> poured over by Attorneys where he/she has to sign something to the effect?
>
> I wouldn't want you to certify that ....that's asking a bit much on your
> part I think. I think you, your HR department and your firm's Attorneys
> need to sit down and discuss an action plan.
>
> Normally for anyone who isn't a sysadmin the termination process
> involved revoking accounts, keys, devices, changing locks etc etc...
>
> Check out Steve Riley on this topic...
>
> http://blogs.technet.com/steriley/archive/2005/07/19/407917.aspx
>
> The article is posted in the security management column section on
> TechNet and is the Viewpoint article in the July security newsletter.
> Check it out, and please tell me what you think. It's been generating
> some opinions :)
>
> http://www.microsoft.com/technet/community/columns/secmgmt/sm0705.mspx
>
>     Do you trust your administrators? That seemingly innocent question
>     creates a serious dilemma in the minds of a lot of people. While we
>     all know what we'd /like/ the answer to be, the disappointing fact
>     is that, increasingly, the true answer is the opposite. This became
>     apparent in discussions I had with many attendees at TechEd US in
>     May-there is genuine concern about the trustworthiness of
>     administrators...
>
>
>
> Irvin Temp wrote:
>
> >I've been working as a security consultant for a
> >financial company.
> >
> >a system administrator handling the several of the
> >critical servers will be retiring. before he leave the
> >
> >company the management wants me to interview him and
> >in
> >"certify" that he did not leave any timebombs,
> >malicious
> >programs on the pcs.
> >
> >Since i have no experience in handling pre-termination
> >of
> >a systems administrator, i would appreciate you
> >insights
> >and suggestions on how to go about this.
> >
> >Questions that needs to be asked. Steps to take to
> >ensure that the systems are clean after his
> >resignation.
> >
> >
> >Thanks and God bless!
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Tired of spam?  Yahoo! Mail has the best spam protection around
> >http://mail.yahoo.com
> >
> >---------------------------------------------------------------------------
> ---
> >FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
> >
> >Learn the hacker's secrets that compromise wireless LANs. Secure your
> >WLAN by understanding these threats, available hacking tools and proven
> >countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> >session hijacking, denial-of-service, rogue access points, identity
> >thefts and MAC spoofing. Request your complimentary white paper at:
> >
> >http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> >---------------------------------------------------------------------------
> ----
> >
> >
> >
> >
>
> --
> Letting your vendors set your risk analysis these days?
> http://www.threatcode.com
>
>
> ----------------------------------------------------------------------------
> --
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> ----------------------------------------------------------------------------
> ---
>
>
>
>
> ----------------------------------------------------------------------------
> --
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> ----------------------------------------------------------------------------
> ---
>
>
>
>
> ------------------------------------------------------------------------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> -------------------------------------------------------------------------------


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------