We recently had to lay off our IT person. We will get someone new soon.

I want to make sure I secured the network so that he cannot hack in. We have a very simple and small network. Basically, we have 8 PCs sitting behind a Linksys router, all of them with RFC 1918 private addresses, including a file server and a domain controller.

And then we have the outside interface of the router with a static global IP address, of course, for the PAT overload. And finally, we have an application server that also has a global IP address.

This is what I did:

Physical Security:

The file server, application server, the domain controller, and the Linksys router are sitting in a locked room and only I have the key.

Network Layer Security:

1.) I changed the password on the Linksys router.
2.) I disabled the function that allows anyone to manage it from a wireless connection.
3.) I disabled all port forwarding/redirection, EXCEPT for FTP -- port 21 to support remote FTP for our field personnel.

Application Layer Security

1.) I changed the Administrator account password on the domain controller (by going to "control panel" and then "user accounts"), as you would on any PC, which actually ended up changing the Administrator password across the entire domain. In other words, now if I want to log-on to a user PC with the Administrator password, it, too, has been changed to the password I applied when I changed it on the domain controller.

2.) I disabled his personal Active Directory account. Now, if I try logging on using his log-on credentials, it says that no controller or tree was available to authenticate him (or something like that).

3.) I changed the log-on credentials for the application server, but kept the remote management program running because I am not the one who manages it.

4.) On the file server, I changed BOTH the Administrator password when logging into the computer locally and the Administrator password when logging into the domain. In other words, if I want to log-on as "Administrator" on the file server, I can log onto "This Computer" or onto the domain. Both those passwords have been changed. I also changed the password for another account he created on the file server that also had administrator rights.

5.) I totally deleted the FTP program we were using on the same file server and re-installed it and then created new accounts with new log-on credentials for our remote users. By the way, those remote users can only FTP to a SEPARATE directory than the local users. IN other words, we used to have it set up where the same drive we were mapping to locally, was the same drive we were FTPing to/from from the field. Now, the field personnel use a different directory, with identical files and directory structure, as a "drop-box," so to speak.

6.) Finally, I "stopped" the remote management service he used to use to get into the network (I think it was called Ultra VNC) on all the PCs that had it loaded, including the file server, the domain controller, and what was his personal work station. As i said, i kept it running on the application server because I don't manage it, but the log-on credentials have been changed.

What do you think? Did I cover all the bases? Am I missing something? PLEASE READ EVERYTHING I WROTE CAREFULLY. Maybe I'm just paranoid now. :-)

Thank you in advance for your help and time.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ex-engineerAuthor Commented:
By the way, to achieve what I say in "Application Security" item #2, "I disabled his personal Active Directory account," I simply opened the Active Directory management interface, aka "Active Directory Users and Computers," then highlighted his account, then right-clicked, and then selected "disable."

I know you can do this with sophisitcated scripts, but I am not interested in that right now. I just want to know if I got the job done.

Did I do it right?

Thank you once again.
Juan OcasioApplication DeveloperCommented:
Another thing you should do is scrutinize you ADUC for any accounts you're not familiar with.  Also look at the administrators group to see who are members and remove anyone who should not be a memeber of that group.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Any outsourced services that have an administrative interface?  Email, spam filters, domain registrars?  
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

1.) Open RUN
2.) Type in CMD
3.) When it opens, type in IPCONFIG
4.) Copy and paste your ip address into internet explorer.
5.) A popup will prompt you for a username and password.  Leave the username blank, and your factory set password should be admin. (I would recommend changing this so your fired IT guy won't mess around).
6.) Add a password.
Two questions:

Did you fully trust this guy when he was working with you?
Does he have reason to get back at you on some way?

You mention a wireless connection.. I presume you are using encryption on the wireless network and that you have changed the key?
ex-engineerAuthor Commented:
JCasio: Excellent point. I am no Active Directory guru, but from what I can tell, the Administrator account and his personal account were the only accounts with administrator privileges. If you can show me the way to be 100% sure, I will check again. Thank you.

RVTHOST: Good point, too. We do outsource email to a provider and I did change the log-on credentials for the management interface and I deleted his email account.

Freshprince27: I guess you're suggesting I do that so i can change the password on the router. Yes? I did that already.

ISYSEUROPE: I did trust him not to do anything malicious, but he isn't too happy we let him go, that's for sure. hence my concern that I have secured the network.

And yes, I forgot to mention it in my opening statement, but I did change the WEP Key, too, for wireless users.

What do you think guys? Everything covered? I think simply by killing all port forwarding/redirection in the router for all applications (remote desktop, Ultra VNC, etc), except for FTP on port 21, I pretty much killed any chance he had of really accessing the network. Everything sits behind the router and uses private addresses, and there is no OOB access set up, so without port forwarding...

But I did everything else to be sure.
ex-engineer, one last thing I thought of.  Any dial-in modems laying around yet?  Otherwise, it sounds like you have all your bases covered!
Juan OcasioApplication DeveloperCommented:

Open Active Directory Users and Computers, look for the Administrators group, right click on it and select the members  tab.  You'll also want to look in all of the rganizational units (if you have any set up) as well to make sure there isn't a rogue user with access/adminstratin priviledges as well.  It seems as though your ex employee didn't have enough time to set this up, but if s/he knew in advnace then s/he could have...
Juan OcasioApplication DeveloperCommented:
One other thing...Change your WEP to WPA.  It's more secure (just a side-bar...)

ex-engineerAuthor Commented:

Thank you so much for all your help and guidance. I appreciate it very much.

Let me check a couple more things out..

From the author's last comments, it appears JOCASIO and I provided the most useful information. I suggest points to be split accordingly.  My 2 cents :)  Thanks.
ex-engineerAuthor Commented:
Everyone helped! Thanks to all!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.