[ale] Network security question

[Mark Wright]

Hi folks,

I have a problem my boss dumped in my lap.  He is going to let go our  
network admin because he is dishonest.  He is also pretty good and  
has bragged about how he hacked his former employer (hp) for mischief  
when he was terminated.  My boss wants me to tell him what he should  
do before he fires this guy to make sure this guy can't disrupt our  
business after he's gone.  We don't know that he will but my boss  
thinks so.

The office is in Chicago (me in Woodstock).  There are about 5  
windows 03 servers and 5 AIX, a Cisco router and a Cisco firewall.   
My boss is not worried about the AIX as that is our expertise.  One  
of the windows boxes hosts RDP and one is a webserver using Cold  
Fusion.  Those are the ones he worries about.  He had trouble before  
when he tried to change the Cold Fusion password.  The web site  
stopped working so he is afraid to do that even though he knows he  
needs to.

I suggested to him that all the account passwords should be changed  
on every box for every user and possibly disable email ports on any  
system that doesn't need email.  I was wondering about root kits that  
may have been left behind or code that could email out the new  
passwords in a week or so.

I know there are some excellent security experts out there.  Any tips  
would be greatly appreciated.




Mark









The box said "Windows98 or better" so I installed Linux.

-------------- next part --------------
An HTML attachment was scrubbed...