Firing System Administrators CPTE 433 John Beckett.

Why, Why, Why?
The two sides of the story are probably so different that you’d wonder if they were working in the same company
–or inhabiting the same planet
–Because unhappy terminations usually start with differences in perceptions
Don’t pass info to others
–This can hurt people
–It decreases your credibility and promotability
Focus on the technical tasks

First, the Headlines
“Firing” an SA is undoing the access (s)he had while employed. That can be difficult because:
–The SA may have designed the access scheme (perhaps in undocumented ways we call “back doors”).
–The SA probably had “root” access to many facilities.
–Fundamentally, it’s an “agency” problem.

The Agency Problem
The person whose (potential) misdeeds could harm stakeholders is in control of the information.
–Corporate CEOs/CFOs: control decision-making input to boards.
–SAs: control the controls of your system.

Termination Steps
Procedure
–Follow corporate HR policy
–Use a checklist; file it when complete
Access
–Physical
–Remote
–Service & Applications
Improve
–Look for ways to shorten the checklist

Termination Checklist
Part 1: Work with HR
–They may already have a checklist
Part 2: Technical aspects relating to the SA’s job
–Should include technical details on how to do each step
–Likely to be updated every time you use it

How To Develop a Checklist
Start with the checklist for processing a person in.
Continue with a list of what they’ve developed or set up.
Now you know what you must disconnect them from!

Three Levels of Access
Physical Access
–Deactivate card / Return key(s)
–Deny Social Engineering
Remote Access
–RADIUS / Dial-in
–VPN
Application/Service Access
Use a separate team for each level.

Physical Control Devices
Could that key have been duplicated?
Was this SA able to make access cards?
–Again – that nasty agency problem!
Do you actually have records of all cards or keys that have been distributed?
Wiegand cards are pre-serialized at the factory, which improves your ability to achieve good control.

Portable Property
–Whose property is it, really?
–How will you physically get it returned?
–Accessories?
–Cables?
–Wall-Warts?
–Are there subscriptions to cancel or re-direct?
–Can you “nuke” this product?

Don’t We Trust Each Other?
Good separation protects both:
The firm, because it is less likely to suffer damage.
–…or encounter confusion when solving a problem which might have had something to do with the fired employee.
The employee who is leaving.
–She wishes to remain above reproach.

Case: “Zap This Drive”
User’s job was to do research. All the research went on his hard drive (which wasn’t backed up). He was fired. On his way out, he told the SA, “I’ve got some personal stuff on the drive so please nuke it.” The SA did what he was asked to do. Who is responsible for this gaffe?

What Did the SA Do Wrong?
1. Honored the request of a fired employee.
2. Failed to recognize that the computer in its entirety was the property of the company.
3. Failed to have a backup program in place. Fortunately, a recovery program worked.

The Media Ministry
I acted as a volunteer webmaster for a media ministry just starting to use the web
My only contact at the ministry was fired for unspeakable behavior
The ministry’s manager was worried that the fired person might strike back
The manager called me when I was out of town on a trip, with limited connectivity

What We Did
The manager and I authenticated each other
–SDA workers can always do this
–The procedure involves exchange of tokens that were shared experiences
I “froze” the site by changing the root password
–Should have done an extra backup as well
Later, I passed control on to a new webmaster they acquired
–Authenticated through a third party

What Could Have Gone Wrong
The fired employee could have had a hacker friend
–The hacker friend could have left a back door in the system
–They could have made changes at a later time
We were lucky
–The fired employee actually cared about the ministry, even though his personal behavior was not what it should be

Improving the Process
Have a single authentication database
Document access that does not depend on this database
Archive system configuration files
–Audit changes, tracking them to specific tickets
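As an added example (not from the slides), the Python below builds the technical half of a termination checklist for one user from the artifacts that do not depend on the central authentication database: local accounts, sudoers rules, authorized_keys files in any home directory (root's included), and cron jobs, which is the "what must we disconnect them from" step of the checklist slide and the "document access that does not depend on this database" point above. The user name, all file contents and the owner@host key-comment convention are constructed assumptions.

```python
# Added example (not from the slides): list access an SA holds that lives
# outside the central authentication database. All sample data is constructed.
PASSWD = """root:x:0:0:root:/root:/bin/bash
jdoe:x:1001:1001:Jane Doe:/home/jdoe:/bin/bash
backup:x:1002:1002::/var/backups:/usr/sbin/nologin
"""
SUDOERS = """root ALL=(ALL) ALL
jdoe ALL=(ALL) NOPASSWD: ALL
%ops ALL=(ALL) ALL
"""
AUTHORIZED_KEYS = {  # path -> file content; key material is a placeholder
    "/root/.ssh/authorized_keys": (
        "ssh-ed25519 AAAAC3PLACEHOLDER jdoe@laptop\n"
        "ssh-ed25519 AAAAC3PLACEHOLDER ops@bastion\n"),
    "/home/jdoe/.ssh/authorized_keys": "ssh-ed25519 AAAAC3PLACEHOLDER jdoe@laptop\n",
}
CRONTAB = """0 2 * * * jdoe /usr/local/bin/rotate-logs.sh
30 3 * * * root /usr/local/bin/backup.sh
"""

def find_local_access(user, passwd=PASSWD, sudoers=SUDOERS,
                      keys=AUTHORIZED_KEYS, crontab=CRONTAB):
    """Return checklist items for access that disabling the user's directory
    account would NOT revoke; each item says what to remove and where."""
    items = []
    for line in passwd.splitlines():  # local accounts bypass the directory
        if line.split(":")[0] == user:
            items.append(f"local account '{user}' in /etc/passwd: lock it")
    for line in sudoers.splitlines():  # privilege grants by user name
        fields = line.split()
        if fields and fields[0] == user:
            items.append(f"sudoers rule: {line.strip()}")
    for path, content in keys.items():  # keys in ANY account, root included
        for line in content.splitlines():
            fields = line.split()
            comment = fields[-1] if fields else ""  # assumed owner@host convention
            if fields and (comment.startswith(user + "@")
                           or path.startswith(f"/home/{user}/")):
                items.append(f"SSH key in {path} ({comment}): remove")
    for line in crontab.splitlines():  # jobs that keep running as the user
        fields = line.split()
        if len(fields) > 5 and fields[5] == user:
            items.append(f"cron job as {user}: {' '.join(fields[6:])}: reassign")
    return items

if __name__ == "__main__":
    for item in find_local_access("jdoe"):
        print("[ ]", item)
```

The key planted in root's authorized_keys is the case the slides warn about: it survives the directory account being disabled and is only found by looking at every account, not just the leaver's.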