[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Locking down and monitoring the system

Posted on 2006-06-27
3
Medium Priority
?
140 Views
Last Modified: 2013-12-04
We had a member of our IT team leave, and now people are paranoid he is going to hack in and do damage, we did the regular things of changing every password in AD along wit local ones, I was wondering if there is anything I can do to make sure he didnt create other accounts that he could access, or is there a way to monitor what IP Addresses are accessing the servers,  Has anyone been in the situation before and if so , what steps didd you take to verify the security of your system ?
0
Comment
Question by:focusen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 17005390
It's hard to be 100% sure, as someone with admin rights could install an "dial-home" tool that allows them access from the inside of your lan to an ourside ip he/she specified before leaving, basically a backdoor.
You should begin auditing your event log's, there are tools like GFI's SELM and Snare that can help automate the process of alerting you to certain event's. Password reset's are definatly step one, disabling that users PC and domain/vpn accounts are also essential. Look through his/her history files, event log's and emails for anything suspicious or out of place. You should also scan all servers and pc's with an antivirus solution, however that sometimes isn't enough. We had an admin use the Sony DRM cd to cloak his program, and we only found if fater scanning his PC with rootkit revealer... if it wasn't on his own pc, we may not of ever really seen it. http://xinn.org/Sony-DRM.html

You should also impliment an IDS system like Snort http://www.snort.org/
http://www.intersectalliance.com/projects/SnareWindows/
http://www.gfi.com/lanselm/

-rich
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question