


From: Steve Martinson

Situation:

High-profile, knowledgeable staff member soon to be terminated
(employment, not by Ahh-nold); has "keys to the kingdom" for both the
System i and the network; likely knows passwords for many service and/or
utility profiles on the iSeries.

Ugh. This doesn't sound like a pretty thing. Besides the already noted
fact that the person probably already knows they are being terminated, there
are a wide variety of issues that come into play.

You should ALWAYS have policies in place for the "hit by a bus" situation.
What this means is that there should be a set of hardcopy documents defining
passwords and procedures for all secure activities. These should be stored
in a fireproof safe with limited access (e.g., CTO/CIO and CEO). These
documents should ideally be duplicated in a second secure location.

Okay, on to the fun. What can happen when Elvis leaves the building?

Well, first off Elvis is likely to still be able to access the system from
outside the building. Most companies have a variety of external access,
from web accounts to VPN to wireless devices. They may even have a wireless
network, which means a knowledgeable person with a WEP key and physical
proximity can go bonkers.

So obviously, you need to lock down all passwords to everything immediately.
The biggest problem with that is that nowadays lots of passwords are cached,
compiled or otherwise stored in programs that run on one machine and access
another machine. ODBC/JDBC/thick client/web service; many of these have
user profiles and passwords that allow them to function and that, if
disabled, will cause mission critical systems to fail.

You need to identify all inter-machine communications profiles and prepare
for changes to those passwords. If you have a completely SSO-enabled
environment with biometrics this can be relatively painless, while in the
99% of shops that run in the real world, passwords are out in the wild for
everything from FTP to PDF encryption.

Remember, passwords aren't just for signing on any more.

Joe
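
Added example, not part of the original post: one way to start the inventory of inter-machine profiles the message calls for is to scan configuration and script files for stored credentials and list which profile is embedded where, so each password change can be planned before the profile is touched. It generalizes slightly to three storage forms (JDBC URL properties, ODBC connection-string keywords, FTP URLs); all file names, hosts, profiles and passwords below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample files: hosts, profile names and passwords are made up.
SAMPLE_FILES = {
    "web/app.properties": "db.url=jdbc:as400://PROD400/ORDERS;user=WEBSVC;password=s3cret1\n",
    "etl/nightly.ini": "[source]\nconn=Driver={IBM i Access ODBC Driver};System=PROD400;Uid=ETLUSER;Pwd=hunter2;\n",
    "scripts/push.sh": "# upload invoices\ncurl -T inv.pdf ftp://websvc:s3cret1@prod400/invoices/\n",
    "docs/readme.txt": "Connect with jdbc:as400://PROD400 and sign on interactively.\n",
}

JDBC = re.compile(r"jdbc:as400://([\w.-]+)(\S*)", re.I)
FTP = re.compile(r"ftp://([^:@/\s]+):[^@/\s]+@([\w.-]+)", re.I)

def _props(text):
    """Parse 'key=value;key=value' pairs into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in text.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def inventory(files):
    """Map PROFILE -> sorted [(file, line_no, kind, HOST)] for every stored password.

    The password itself is never copied into the result.
    """
    found = defaultdict(set)
    for name, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            hits = []
            for m in JDBC.finditer(line):          # user/password URL properties
                p = _props(m.group(2))
                if "user" in p and "password" in p:
                    hits.append(("jdbc", m.group(1), p["user"]))
            p = _props(line)                        # ODBC connection string keywords
            if "uid" in p and "pwd" in p:
                hits.append(("odbc", p.get("system", "?"), p["uid"]))
            for m in FTP.finditer(line):            # ftp://user:password@host
                hits.append(("ftp", m.group(2), m.group(1)))
            for kind, host, user in hits:
                found[user.upper()].add((name, line_no, kind, host.upper()))
    return {user: sorted(locs) for user, locs in found.items()}

if __name__ == "__main__":
    for user, locs in sorted(inventory(SAMPLE_FILES).items()):
        print(user)
        for name, line_no, kind, host in locs:
            print(f"  {name}:{line_no}  {kind} -> {host}")
```

A profile that shows up in more than one file (WEBSVC here) is the case where changing the password in one place breaks the others, so those entries need a coordinated change.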


