[clug] Detecting malicious former employees

Kim Holburn kim.holburn at nicta.com.au
Mon Sep 11 06:29:01 GMT 2006

If you use a cleartext chap-secrets file in pptp that he/she had  
access to, you need to change every password.

(They should be >16 random chars anyway.)  Use radius with a separate  
password set in future.

On 2006 Sep 11, at 3:22 PM, John Fletcher wrote:

> Hi guys,
> I'm looking for some advice about precautions to take when a  
> potentially
> malicious and highly priviliged (previously had root pw) employee  
> leaves an
> organisation.  Can anyone give me some advice about precautions to  
> take and
> especially where to look to detect possible attempts to gain access or
> engage in malicious activity?
> In this particular case we're talking about linux firewall, PPTPD,
> mailservers, and various other bits and pieces.  Most work done  
> from remote
> locations, not onsite.
> Thanks,
> Fletch.
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

Kim Holburn
Security Manager, National ICT Australia Ltd.
Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
mailto:kim.holburn at nicta.com.au  aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/ 

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the linux mailing list