IT Guy Fired: Anything to worry about?

Discussion in 'Community Discussion' started by Melrose, Jun 24, 2011.

  1. Melrose, Jun 24, 2011
    Last edited: Jun 24, 2011

    Melrose Suspended


    Joined:
    Dec 12, 2007
    #1
    So today the more-or-less IT guy was fired where I work; he's not a wizard at IT by any means, but he did have a pretty good knowledge of how all that stuff works - as well as remote access from home to his computer and the network at work.

    He quit under rather trying circumstances today, and in discussions with my immediate boss there may be some possibility of Remote Reprisal.

    What steps do we have to take to make sure he can't come in by some backdoor later and mess around? Passwords on our websites have been changed, etc, but what about remote access?

    TIA :)
     
  2. iJohnHenry macrumors P6


    Joined:
    Mar 22, 2008
    Location:
    On tenterhooks
    #2
    You must have a small shop?

    This should have all been looked at, before you frog-marched the guy out the door.

    Sorry, nothing constructive to add, just annoyed at the lack of PPPPP.
     
  3. KasperH macrumors regular


    Joined:
    May 26, 2011
    #3
    Depending on the size and complexity of your company's infrastructure, I advise you to consider hiring professional help.

    He could have several remote control installations like TeamViewer, LogMeIn, Remote Desktop, VPN connections, etc.

    You will need to disable his user account and access token, change domain service accounts and local and domain admin accounts, force your users to change their passwords, look through firewall logs to block his IP addresses, and shut down and unplug his PCs and administrative server (jump server with all his tools and stuff). Secure and back up your data. Implement policies for certain programs and tighten your firewall security until you have the basics under control.
     
  4. sushi Moderator emeritus


    Joined:
    Jul 19, 2002
    Location:
    キャンプスワ
    #4
    Right now, try the following regarding your router:

    - Password changed.

    - All ports blocked until you know what they can do / enable.

    On his computer, look for programs for remote access such as LogMeIn, GoToMyPC, etc. Delete them. You will need an Admin password to do so.

    You mentioned that you changed all your passwords. Well, let's check:

    - Log in passwords (Mac is easy. PC you usually have user, admin and set administrator.)

    - E-mail (official or other that may be on your computer).

    - Log in for remote file shares.

    - Log in for remote servers. You mentioned web, so maybe this is done.

    - Log in for any remote PayPal type accounts.

    - Log in for any web servers such as Go Daddy type services.

    That's all I can think of off the top of my head.



    EDIT:

    Or this! :)
     
  5. iJohnHenry macrumors P6


    Joined:
    Mar 22, 2008
    Location:
    On tenterhooks
    #5
    Or, have a couple of guys from the bent-nose society pay him a friendly visit. :eek:
     
  6. Melrose thread starter Suspended


    Joined:
    Dec 12, 2007
    #6
    I greatly appreciate this help - it's far more than I would have known.

    He does have VPN (or did), I think. He used the Terminal for a few things, and in his Apps there was no evidence of any remote access software, but he could have simply run them from a different folder, correct? He did use Apple RemoteDesktop to manage the computers in the building. The company runs a bit low on knowledge in the tech arena; if he accesses our system using a VPN or whatnot on his computer, is shutting that down enough for the time being?

    We just migrated our sites to GoDaddy, and I'm not sure if this authentication has been changed or not. As far as I know, he still has at least FTP access to the server, so I'll check on that. Except for a few computers, the whole building is Mac.
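
An added example, not part of any post in this thread: a shell function for the Terminal that follows up on the advice in post #4 and the "different folder" question in post #6 by looking for remote-access software outside the Applications folder. The function name `scan_remote_tools` is hypothetical, and the name list is limited to tools mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). scan_remote_tools is a hypothetical name.
# Finds files and app bundles whose NAME mentions a remote-access tool named in
# this thread, looking past /Applications into the launchd folders (programs
# that start on their own) and every user's home folder.

# scan_remote_tools ROOT
#   ROOT is "/" on the Mac being checked, or the mount point of a disk copy.
scan_remote_tools() {
    root=${1:-/}
    root=${root%/}
    for dir in \
        "$root/Applications" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$root/Users"
    do
        [ -d "$dir" ] || continue
        # Depth 5 reaches Users/<name>/Library/LaunchAgents/<file>.
        # -prune reports a matching bundle once instead of listing its contents.
        find "$dir" -maxdepth 5 \
            \( -iname '*teamviewer*' -o -iname '*logmein*' -o -iname '*gotomypc*' \) \
            -prune -print 2>/dev/null || true
    done | sort -u
}

# Usage on the machine itself, from an admin account:
#   scan_remote_tools /
```

A name match misses anything that has been renamed, and it does not cover the VPN or Apple Remote Desktop access mentioned above, so those still need to be checked separately.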
     
  7. balamw Moderator


    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #7
    Out and out reprisal would be a certain kiss-of-death for this person to get another job as a sysadmin. So in this economy, no matter how trying the circumstances, I would hope for professional behavior.

    FWIW under these circumstances you shouldn't just change your website passwords, but all user passwords in the building. A malicious BOFH would be able to use any user password they happen to know as a "hook."

    B
     
  8. -aggie- macrumors P6


    Joined:
    Jun 19, 2009
    Location:
    Where bunnies are welcome.
    #8
    You said he was fired, but then you said he quit?
     
  9. maclaptop macrumors 65816


    Joined:
    Apr 8, 2011
    Location:
    Western Hemisphere
    #9
    In addition to the good advice already given, I strongly suggest someone monitor the entire system, activity logs et al, for at least another ten days. There is no substitute for supreme vigilance at this juncture. While it's in his best interest not to retaliate, he may not be thinking rationally.

    Good Luck.
     
  10. BigPrince macrumors 68020

    Joined:
    Dec 27, 2006
  11. Melrose thread starter Suspended


    Joined:
    Dec 12, 2007
    #11
    Thanks again for the help - it doesn't help that I'm the only one there that knows much of anything about this sort of thing, so I'll kind of have to teach myself as I go about checking server logs and stuff.

    I tried to log in to his Admin software from his computer but he had shut it all down, and given his penchant for not sharing much info at all for stuff like this it might be tricky to actually get in there to begin with.

    He's ranted before about quitting but they've talked him down. This time the boss said "good luck... Get your stuff and leave."
     
