?
Solved

Locking down and monitoring the system

Posted on 2006-06-27
3
Medium Priority
?
139 Views
Last Modified: 2013-12-04
We had a member of our IT team leave, and now people are paranoid he is going to hack in and do damage, we did the regular things of changing every password in AD along wit local ones, I was wondering if there is anything I can do to make sure he didnt create other accounts that he could access, or is there a way to monitor what IP Addresses are accessing the servers,  Has anyone been in the situation before and if so , what steps didd you take to verify the security of your system ?
0
Comment
Question by:focusen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 17005390
It's hard to be 100% sure, as someone with admin rights could install an "dial-home" tool that allows them access from the inside of your lan to an ourside ip he/she specified before leaving, basically a backdoor.
You should begin auditing your event log's, there are tools like GFI's SELM and Snare that can help automate the process of alerting you to certain event's. Password reset's are definatly step one, disabling that users PC and domain/vpn accounts are also essential. Look through his/her history files, event log's and emails for anything suspicious or out of place. You should also scan all servers and pc's with an antivirus solution, however that sometimes isn't enough. We had an admin use the Sony DRM cd to cloak his program, and we only found if fater scanning his PC with rootkit revealer... if it wasn't on his own pc, we may not of ever really seen it. http://xinn.org/Sony-DRM.html

You should also impliment an IDS system like Snort http://www.snort.org/
http://www.intersectalliance.com/projects/SnareWindows/
http://www.gfi.com/lanselm/

-rich
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question