[UNCLASSIFIED]RE: [clug] Detecting malicious former employees

[Michael Still]

Antti.Roppola at brs.gov.au wrote:
> Hi all,
> 
> Also consider what *other* accounts said person might have had su access to.
> For example: ISPs, hosting providers, telcos, generic system logins (i.e. "oracle"),
> un-documented/defunct/departed/stupid user accounts, cronjobs, web interfaces,
> databases etc. etc. etc.

And machines that there might be sessions on from before the employee 
left your employ. Screen, ssh tunnels from home, that sort of thing.

Mikal