[UNCLASSIFIED]RE: [clug] Detecting malicious former employees

Antti.Roppola at brs.gov.au Antti.Roppola at brs.gov.au
Tue Sep 12 00:54:08 GMT 2006


Michael Still wrote:

> We're not talking about a specific person though. I would expect any organization to have
> an "exit checklist" that ensures that someone in a trusted position has their access revoked
> properly. We're talking about what should be on that checklist.

> (In fact, in the US, it's pretty much legally required).

After chatting about this with a few people, I was thinking that this would be
a good topic for a HOWTO. Sure enough, there are already a few, but few available checklists
(found thus far) exhaustively list things that a disgruntled employee might exploit.

Covers the basics, but not insidious attempts
http://www.howtoforge.com/linux_remove_users 

Suggests securing the user's files on the chance that they may contain evidence of any planned action
http://www.computer-policy.com/response.htm

Suggests that securing logs is a key precaution
http://www.secretservice.gov/ntac/its_report_050516.pdf

This is probably the most comprehensive list I was able to find
http://radio.weblogs.com/0103807/stories/2002/06/25/sysadminWhenTheSysadminIsForcedToLeaveTheBuilding.html

Cheers,

Antti
