Re: Handling Sysads resignation/termination

From: Irvin Temp (znah_irvin@yahoo.com)
Date: Thu Aug 04 2005 - 09:13:10 EDT


> Asking a systems adminstrator to certify that he has
> not installed any time bombs on a system is
> unreasonable,
Would like to clarify this. The scenario is that the
consultant will be the one to "certify" to management
that the systems has free from timebombs. Certify DOES
NOT necessarily mean signing a document and 100%
ensuring there are no timebombs. What is important
that
due diligince is given to ensure that the system has
been inspected for such programs.

> The administrator cannot certify that a product has
> not come with a "trojan" already installed, and for
> the most part, may be completely unaware of any
> penetrations of the existing network.
Exactly the reason for a proper procdure for an exit
of a systems administrators. This is to facilitate the
proper turnover of critical system. This is not
primarily to scrutinize the administrator but infact
to protect him and the intellectual property and
integrity of the company systems. It does not follow
that when a timebomb has been found on his servers, it
would immediately mean that he planted it. if his pc
was hack and someone has planted a trojan on it
without his knowledge, then it would protect him by
clarifying things. The idea that he was a hacked or
the
findings was an honest mistake will always be
considered!

Appreciate your inputs. Again, i would like to clarify

things. The administrator is not forced to sign
anything or swore that the system is in trojan
free. This is to facilitate the proper transfer of
responsibility or company asset. In the same way that
he is requested to return company provided resources
such as access cards, laptops/pdas, smart cards, keys
to lockers etc etc.. and to assess the conditions of
this resources upon returning.

Thank you!

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:41 EDT