Solved

Locking down and monitoring the system

Posted on 2006-06-27
3
136 Views
Last Modified: 2013-12-04
We had a member of our IT team leave, and now people are paranoid he is going to hack in and do damage, we did the regular things of changing every password in AD along wit local ones, I was wondering if there is anything I can do to make sure he didnt create other accounts that he could access, or is there a way to monitor what IP Addresses are accessing the servers,  Has anyone been in the situation before and if so , what steps didd you take to verify the security of your system ?
0
Comment
Question by:focusen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17005390
It's hard to be 100% sure, as someone with admin rights could install an "dial-home" tool that allows them access from the inside of your lan to an ourside ip he/she specified before leaving, basically a backdoor.
You should begin auditing your event log's, there are tools like GFI's SELM and Snare that can help automate the process of alerting you to certain event's. Password reset's are definatly step one, disabling that users PC and domain/vpn accounts are also essential. Look through his/her history files, event log's and emails for anything suspicious or out of place. You should also scan all servers and pc's with an antivirus solution, however that sometimes isn't enough. We had an admin use the Sony DRM cd to cloak his program, and we only found if fater scanning his PC with rootkit revealer... if it wasn't on his own pc, we may not of ever really seen it. http://xinn.org/Sony-DRM.html

You should also impliment an IDS system like Snort http://www.snort.org/
http://www.intersectalliance.com/projects/SnareWindows/
http://www.gfi.com/lanselm/

-rich
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question