Let me try to elaborate. As they say, nothing is idiot-proof to a
sufficiently talented idiot. Someone suggested scanning all the source
code for the person's name/ID. If your "knowledgeable staff member" has
that level of access would they really do something diabolical using
their own ID? Would they leave the source laying around to document
their deed?
In a situation like this you would need to be observant and reactive,
notice anything out of the ordinary ASAP and react even faster. And
have a DR plan. If a problem does arise you don't want to have to
restore, recreate the problem and restore again.
My suspicion is that more problems will arise because of the lack of
knowledge transfer due to the termination than the termination itself.
Either way, you'll need access to a "smart person." The real reason
that there aren't any iSeries viruses? The people who could write them
all have jobs!
Regards,
Scott Ingvaldson
System i Administrator
GuideOne Mutual Insurance Company
-----Original Message-----
From: rob@xxxxxxxxx [
mailto:rob@xxxxxxxxx]
Sent: Tuesday, July 03, 2007 2:06 PM
To: Midrange Systems Technical Discussion
Subject: RE: Preparing for a High-profile Termination
Interesting Scott. We contract with IBM to do "benevolent hacking" to
test our entire network. We get regular reports with "opportunities for
improvement". I wonder if part of that service can include that?
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
"Ingvaldson, Scott" <SIngvaldson@xxxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
07/03/2007 02:59 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
To
"Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
cc
Fax to
Subject
RE: Preparing for a High-profile Termination
All good answers, but (if you are that concerned) I think that your #1
task is to find someone smarter than your "knowledgeable staff member"
to be on call in case an emergency arises.
Regards,
Scott Ingvaldson
System i Administrator
GuideOne Mutual Insurance Company
-----Original Message-----
From: Steve Martinson [
mailto:smartfamily2003@xxxxxxxxx]
Sent: Tuesday, July 03, 2007 11:30 AM
To: midrange forum
Subject: Preparing for a High-profile Termination
Situation:
High-profile, knowledgeable staff member soon to be terminated
(employment, not by Ahh-nold); has "keys to the kingdom" for both the
System i and the network; likely knows passwords for many service and/or
utility profiles on the iSeries.
Requirement:
Prior to term date, analyze system for vulnerabilities associated with a
position like the one described above and prepare a task list that will
address the situation both before and after the termination.
Areas to be reviewed include system values, network attributes (exit
points too), directory entries, SST, job descriptions, subsystem routing
entries, all user and group profile parameters and their implications,
authorities to libraries, directory (WRKLNK) authorities, etc.
Can anyone think of anything else that could be a critical hole that
should be reviewed/covered?
Best regards and TIA,
Steven W. Martinson, CISSP, CISM
Sheshunoff Management Services, LP.
Senior Consultant - Technology & Risk Management
2801 Via Fortuna, Suite 600 | Austin, TX 78746
Direct: 281.758.2429 | Mobile: 512.779.2630
e.Mail: smartinson@xxxxxxxxx
As an Amazon Associate we earn from qualifying purchases.