Announcement

Collapse
No announcement yet.

Firing an IT employee

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Firing an IT employee

    Hey guys,

    One of our clients is getting rid of their temp IT guy to transition to another IT resource. The client wants us to make sure that everything is secure and that we make sure that he does not have any way of getting in. Here is a mental list of things that I know needs to happen:

    1. Remove LogMeIn or similar program from his machine.
    2. Make sure no one else has LogMeIn installed or make sure they change the access code to their account.
    3. Change the password for any VPN tunnels
    4. Change the Admin password
    5. Disable his account
    6. Look for other accounts that have admin rights and disable those
    7. Update Services that rely on admin accounts

    I need to make sure we do not lose any functionality when we change the admin password (services not starting, databases not connecting, etc).

    Does it seem like I am missing any other details?

    Thanks!

  • #2
    Re: Firing an IT employee

    Change every password for any administrative accounts, service accounts, switchgear passwords, etc etc. Also change his password, as well as disabling the account.

    Spend some time checking over his PC to see if anything sticks out as being dodgy, but after that I'd be inclined to wipe the machine entirely and reinstall the OS.

    Make sure that any firewall ports that don't need to be open are closed.

    Actively monitor the logs for anything that looks like an attempt to gain access.

    Since he's a temp, presumably he knows that he's leaving soon. If that's not the case, make sure that after he's told, he isn't left on his own.

    Make sure the backups are tested by someone other than him and verified to be workable, so that should anything happen, at least the company can get back to a working state.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Firing an IT employee

      Some of this is redundant with the other posts, but here's my list:

      Disconnect his computer from the network. You can analyze/rebuild it offline.

      Check every method of remote access (web, RDP, VPN, modem) for holes or backdoors.

      Change the password on all local and domain administrator accounts, application, and service accounts.

      Conduct an audit of all user accounts and check out/verfiy all accounts that can't be matched up to a physical person or to a service or application account.

      Make every user change their password.

      Change all switch, router, AP, etc. admin or enable passwords. Audit all SNMP enabled devices and consider changing the SNMP community strings.

      Comment


      • #4
        Re: Firing an IT employee

        Also, check for wireless access points that shouldn't be there. Any that should be there should have their security settings checked. Basically do everything you can to force any attempted breaches to come in through the WAN interface.

        Make sure every employee knows that he is no longer working there, so that if he is seen in the building action can be taken.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Firing an IT employee

          Dont forget to change any ISP login's for domain / DSL accounts for account managment etc. Internic for any domains regiestered will be password protected. Check registrant details for any domains owned at www.dnsstuff.com

          The temp may be the only person with access to this, and it may require a phone call to the ISP.

          Perimerter firewall and router logons need changed as well.
          Last edited by fergie; 31st July 2009, 12:32.
          MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3

          Comment


          • #6
            Re: Firing an IT employee

            Don't forget to pack up and shut down their current business and start a whole new company just in case you missed something.

            Comment


            • #7
              Re: Firing an IT employee

              Garen, that was funny. I'm rolling on the floor laughing.

              (No offense to anyone).

              Comment


              • #8
                Re: Firing an IT employee

                Originally posted by Garen View Post
                Don't forget to pack up and shut down their current business and start a whole new company just in case you missed something.
                BWA HA HA HA HA

                Comment


                • #9
                  Re: Firing an IT employee

                  Originally posted by Garen View Post
                  Don't forget to pack up and shut down their current business and start a whole new company just in case you missed something.
                  ROFL

                  Yeah but anyway, just an update. Thanks for the advice everyone, I was able to transition them with no issues (although Arcserve was quite a pain in the ass).

                  Comment

                  Working...
                  X