troubleshooting Question
administrator leaver process
I was just having a quick read through this article:
https://www.infosecurity-magazine.com/news/it-administrator-sentenced-for/
Clearly an “administrator” leaving a company brings with it more challenges and possible remediation's than a standard user from a security/risk perspective. Do you have any specific checklists and best practices you follow when someone with detailed knowledge of your network/infrastructure leaves? I suspect there are a lot more checks on your list then just disabling a single AD user account.
I have noticed in account audits before credentials for administrative accounts have sometimes not been changed for a significant period of time (years) – are exempt from expiry policies etc, and are sometimes known by multiple officers.
As an network/security admin yourself, assuming your individual AD account(s) are disabled once you leave employment, what other accounts do you typically have knowledge of that could be used to regain remote access into your former employers network? Or other techniques you could use to regain access? So we can look into possibilities for protecting those areas as well if a knowledgeable senior administrator leaves. We need some form of checklist, especially for protecting 'remote access' opportunities for former administrators.
https://www.infosecurity-magazine.com/news/it-administrator-sentenced-for/
Clearly an “administrator” leaving a company brings with it more challenges and possible remediation's than a standard user from a security/risk perspective. Do you have any specific checklists and best practices you follow when someone with detailed knowledge of your network/infrastructure leaves? I suspect there are a lot more checks on your list then just disabling a single AD user account.
I have noticed in account audits before credentials for administrative accounts have sometimes not been changed for a significant period of time (years) – are exempt from expiry policies etc, and are sometimes known by multiple officers.
As an network/security admin yourself, assuming your individual AD account(s) are disabled once you leave employment, what other accounts do you typically have knowledge of that could be used to regain remote access into your former employers network? Or other techniques you could use to regain access? So we can look into possibilities for protecting those areas as well if a knowledgeable senior administrator leaves. We need some form of checklist, especially for protecting 'remote access' opportunities for former administrators.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 6 Answers and 10 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.