1) NEVER share individual user password/credentials
2) Immediately disable accounts for employees terminating employment ( voluntary or otherwise ) 3) Immediately change shared administration credential passwords upon participating employees terminating employment 4) DUH ! Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Wilhelm, Scott [mailto:swilh...@mcs.k12.ny.us] Sent: Friday, March 19, 2010 11:41 AM To: NT System Admin Issues Subject: RE: Made me chuckle In that case, would it be reasonable to reset everyone’s passwords whenever someone leaves the company to prevent something like this from happening, or does the coworker get in trouble as well? Would definitely be a sticky issue. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Friday, March 19, 2010 11:34 AM To: NT System Admin Issues Subject: RE: Made me chuckle Yeah, we’ve been discussing this one in an IT security class I’m taking in grad school. Lots of things went wrong here. Apparently the fired guy had a former coworker’s password. And in addition to screwing with the cars, he did other things like placing thousands of dollars in orders under the company’s name. John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
