[clug] Detecting malicious former employees
Kim Holburn
kim.holburn at nicta.com.au
Mon Sep 11 06:29:01 GMT 2006
If you use a cleartext chap-secrets file in pptp that he/she had
access to, you need to change every password.
(They should be >16 random chars anyway.) Use radius with a separate
password set in future.
On 2006 Sep 11, at 3:22 PM, John Fletcher wrote:
> Hi guys,
>
> I'm looking for some advice about precautions to take when a
> potentially
> malicious and highly priviliged (previously had root pw) employee
> leaves an
> organisation. Can anyone give me some advice about precautions to
> take and
> especially where to look to detect possible attempts to gain access or
> engage in malicious activity?
>
> In this particular case we're talking about linux firewall, PPTPD,
> mailservers, and various other bits and pieces. Most work done
> from remote
> locations, not onsite.
>
> Thanks,
> Fletch.
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
--
Kim Holburn
Security Manager, National ICT Australia Ltd.
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
mailto:kim.holburn at nicta.com.au aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/
datefmt.htm
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
More information about the linux
mailing list