Securing your perimeter against former employees
Could you describe some ways to protect our systems and network from laid-off workers? My company is in the process of laying people off, and I'm struggling to keep us safe from them. Some who are getting laid off are remote workers with laptops, so we can't just confiscate the laptops immediately.
This is not so much a Linux-based security issue as a perimeter security issue. It's also hard to answer without more information about the nature of the remote access you have into your environment. I would assume these former employees have some form of dial-up or broadband connection to your organization. If they require a user name and password to use this service, then the first thing I recommend is disabling/deleting their user names and passwords from the system.
Other options include:
- Removing their LAN or other host usernames and passwords so that even if they are able to access the environment, they cannot use or abuse any resources or assets.
- Changing all your Administrator or root-type passwords in case any of your former employees has access to these.
- Auditing your environment for old users, unknown users, or generic users that might be used to perform malicious acts.
If those former employees can dial up or connect remotely to your organization without a username and password, then I feel you have a broader security problem than simply potential malicious behaviour by laid-off workers, and you need to secure your perimeter as soon as possible with appropriate access controls.
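The account audit suggested in the list above, as an added example that is not part of the original answer: it checks Linux `passwd` and `shadow` contents for laid-off users who are still enabled, interactive accounts nobody on staff owns, and extra UID 0 accounts. The account names, file contents, roster and terminated lists, and function names are all constructed assumptions.

```python
# Added example: audit Linux account files after a layoff (all data constructed).
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
support:x:1004:1004::/home/support:/bin/bash
toor:x:0:0::/root:/bin/bash
"""
SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
bob:$6$constructed$hash:19000:0:99999:7:::
carol:!$6$constructed$hash:19000:0:99999:7:::
dave:!$6$constructed$hash:19000:0:99999:7::1:
support:$6$constructed$hash:19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::
"""

def parse_colon_file(text):
    return {ln.split(":")[0]: ln.split(":") for ln in text.splitlines() if ln.strip()}

def audit_accounts(passwd_text, shadow_text, roster, terminated, today_days):
    """Return sorted (account, finding) pairs. roster/terminated are name sets
    (assumed from HR); today_days is days since 1970-01-01, as in shadow."""
    passwd, shadow = parse_colon_file(passwd_text), parse_colon_file(shadow_text)
    findings = []
    for name, f in passwd.items():
        uid, interactive = int(f[2]), f[6] not in NOLOGIN
        sh = shadow.get(name, [name, "*"] + [""] * 7)  # no shadow row: treat as locked
        pw_locked = sh[1].startswith(("!", "*"))       # passwd -l prefixes '!'
        expired = sh[7] != "" and int(sh[7]) <= today_days
        if uid == 0 and name != "root":
            findings.append((name, "extra UID 0 account"))
        if name in terminated and not expired:
            if not pw_locked:
                findings.append((name, "terminated user can still log in with password"))
            elif interactive:  # a locked password does not stop key-based logins
                findings.append((name, "password locked but account not expired"))
        elif name not in terminated and interactive and uid >= 1000 and name not in roster:
            findings.append((name, "interactive account not on staff roster"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_accounts(PASSWD, SHADOW, {"alice"}, {"bob", "carol", "dave"}, 20000), sep="\n")
```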
This was first published in September 2005