?
Solved

Locking down and monitoring the system

Posted on 2006-06-27
3
Medium Priority
?
142 Views
Last Modified: 2013-12-04
We had a member of our IT team leave, and now people are paranoid he is going to hack in and do damage, we did the regular things of changing every password in AD along wit local ones, I was wondering if there is anything I can do to make sure he didnt create other accounts that he could access, or is there a way to monitor what IP Addresses are accessing the servers,  Has anyone been in the situation before and if so , what steps didd you take to verify the security of your system ?
0
Comment
Question by:focusen
1 Comment
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 17005390
It's hard to be 100% sure, as someone with admin rights could install an "dial-home" tool that allows them access from the inside of your lan to an ourside ip he/she specified before leaving, basically a backdoor.
You should begin auditing your event log's, there are tools like GFI's SELM and Snare that can help automate the process of alerting you to certain event's. Password reset's are definatly step one, disabling that users PC and domain/vpn accounts are also essential. Look through his/her history files, event log's and emails for anything suspicious or out of place. You should also scan all servers and pc's with an antivirus solution, however that sometimes isn't enough. We had an admin use the Sony DRM cd to cloak his program, and we only found if fater scanning his PC with rootkit revealer... if it wasn't on his own pc, we may not of ever really seen it. http://xinn.org/Sony-DRM.html

You should also impliment an IDS system like Snort http://www.snort.org/
http://www.intersectalliance.com/projects/SnareWindows/
http://www.gfi.com/lanselm/

-rich
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question