We recently had to lay off our IT person. We will get someone new soon.
I want to make sure I secured the network so that he cannot hack in. We have a very simple and small network. Basically, we have 8 PCs sitting behind a Linksys router, all of them with RFC 1918 private addresses, including a file server and a domain controller.
And then we have the outside interface of the router with a static global IP address, of course, for the PAT overload. And finally, we have an application server that also has a global IP address.
This is what I did:
The file server, application server, the domain controller, and the Linksys router are sitting in a locked room and only I have the key.
Network Layer Security:
1.) I changed the password on the Linksys router.
2.) I disabled the function that allows anyone to manage it from a wireless connection.
3.) I disabled all port forwarding/redirection, EXCEPT for FTP -- port 21 to support remote FTP for our field personnel.
Application Layer Security:
1.) I changed the Administrator account password on the domain controller (by going to "control panel" and then "user accounts"), as you would on any PC, which actually ended up changing the Administrator password across the entire domain. In other words, now if I want to log-on to a user PC with the Administrator password, it, too, has been changed to the password I applied when I changed it on the domain controller.
2.) I disabled his personal Active Directory account. Now, if I try logging on using his log-on credentials, it says that no controller or tree was available to authenticate him (or something like that).
3.) I changed the log-on credentials for the application server, but kept the remote management program running because I am not the one who manages it.
4.) On the file server, I changed BOTH the Administrator password when logging into the computer locally and the Administrator password when logging into the domain. In other words, if I want to log-on as "Administrator" on the file server, I can log onto "This Computer" or onto the domain. Both those passwords have been changed. I also changed the password for another account he created on the file server that also had administrator rights.
5.) I totally deleted the FTP program we were using on the same file server and re-installed it and then created new accounts with new log-on credentials for our remote users. By the way, those remote users can only FTP to a SEPARATE directory than the local users. In other words, we used to have it set up where the same drive we were mapping to locally was the same drive we were FTPing to/from from the field. Now, the field personnel use a different directory, with identical files and directory structure, as a "drop-box," so to speak.
6.) Finally, I "stopped" the remote management service he used to use to get into the network (I think it was called Ultra VNC) on all the PCs that had it loaded, including the file server, the domain controller, and what was his personal work station. As I said, I kept it running on the application server because I don't manage it, but the log-on credentials have been changed.
What do you think? Did I cover all the bases? Am I missing something? PLEASE READ EVERYTHING I WROTE CAREFULLY. Maybe I'm just paranoid now. :-)
Thank you in advance for your help and time.
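
An added example, not part of the original post: a read-only PowerShell check of the account and remote-management changes listed above (disabled account, admin passwords, extra admin accounts, the VNC service). It assumes the ActiveDirectory module (RSAT) and PowerShell remoting are available; the account name, cutoff date and host names are placeholders.

```powershell
# Added example: read-only audit, changes nothing.
# Assumptions (not from the post): ActiveDirectory module (RSAT) installed,
# PowerShell remoting enabled on the PCs, and the placeholder values below.
Import-Module ActiveDirectory

$Departed  = 'former.admin'            # placeholder account name
$Cutoff    = Get-Date '2000-01-01'     # placeholder: day the admin left
$Computers = 'DC01', 'FILESRV', 'PC01' # placeholder host names

# 1. The departed person's own account: should report Enabled = False.
Get-ADUser -Identity $Departed -Properties LastLogonDate |
    Format-Table SamAccountName, Enabled, LastLogonDate -AutoSize | Out-String

# 2. Every user holding domain-level admin rights, nested groups included.
#    StalePassword marks enabled accounts whose password predates the cutoff.
$admins = foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName `
                            -Properties PasswordLastSet, whenCreated
            [pscustomobject]@{
                Group           = $group
                Account         = $u.SamAccountName
                Enabled         = $u.Enabled
                PasswordLastSet = $u.PasswordLastSet
                Created         = $u.whenCreated
                StalePassword   = $u.Enabled -and ($u.PasswordLastSet -lt $Cutoff)
            }
        }
}
$admins | Sort-Object Account | Format-Table -AutoSize | Out-String

# 3. Per machine: local Administrators members and any VNC-named service.
#    StartMode shows whether a stopped service would start again at boot.
foreach ($c in $Computers) {
    "== $c =="
    Invoke-Command -ComputerName $c -ScriptBlock { net localgroup Administrators }
    Get-CimInstance -ComputerName $c -ClassName Win32_Service `
                    -Filter "Name LIKE '%vnc%'" |
        Format-Table PSComputerName, Name, State, StartMode -AutoSize | Out-String
}
```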