Searching For Backdoors From Rogue IT Staff
WHiTe VaMPiRe writes "When IT staff are terminated under duress, there is often justification for a complete infrastructure audit to reduce future risk to a company. Here is an exploration of the steps necessary to maintain security." Of course the first piece of advice is to basically assume you've been rooted. Ouch.
I'm sorry, but that's the a**hole way of running a network... make the place unnecessarily complex so you're the only one who knows how any of it works so "they don't dare fire me." That rarely works out well -- and often encourages firings. Having been the replacement and consultant called in to sort it all out, I support the death penalty for such people.
You could easily just badly document or fail to document passwords and configuration info and stuff. As long as you're around and working with the systems daily, everything runs smoothly. If you get fired, there's confusion with the new guy and your memory fades... it's not like they can really tell exactly what isn't a matter of the new guy not being up to speed for weeks. And you're not responsible for giving them consulting services for free after they fire you. If they can't figure out the non-standard port numbers you used, then that's their problem.
Childs took an idiotic stand where he admitted he knew the passwords and refused to hand them over. That's not the most lenient case, that's the worst case I can think of other than destroying data.
Even worse, he deliberately set up the routers so he'd have to manually reconfigure them if/when they rebooted - in other words, a dead man's switch.
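Mechanically, the dead man's switch described above is configuration that lives only in the router's running state and was never written to the saved startup configuration, so a reboot silently loses it. The following is an added audit check, not code from the thread or from any vendor's tooling, that diffs the two config dumps and lists what would disappear (and what stale settings would come back) on reboot. It assumes IOS-style config text captured from the device; the sample configs, hostname, accounts and password hashes are constructed for the example.

```python
"""Added example: find router configuration that exists only in the running
state and would vanish on reboot.  Config format, device name, accounts and
hashes are constructed for this demonstration (IOS-style text is assumed)."""

import re

# Lines that 'show'-style commands print before the configuration proper.
HEADER_RE = re.compile(r"^(Building configuration|Current configuration|Using \d+ out of)")


def statements(config_text):
    """Return (section, statement) pairs.  Indented lines are attributed to the
    preceding top-level command so that e.g. 'ip address' under two different
    interfaces stay distinct.  Comments ('!'), blank lines and headers are dropped."""
    section, out = "", []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!") or HEADER_RE.match(line):
            continue
        if line.startswith(" "):
            out.append((section, line.strip()))
        else:
            section = line
            out.append(("", line))
    return out


def audit(running, startup):
    """Return (lost_on_reboot, reappears_on_reboot): statements only in the
    running config and statements only in the saved config, as sorted lists."""
    run, saved = set(statements(running)), set(statements(startup))
    return sorted(run - saved), sorted(saved - run)


# Constructed dumps: the running config carries a default route, a management
# ACL and a service account that were never saved; the startup config still
# has a stale default route.
RUNNING_CONFIG = """\
Building configuration...

Current configuration : 612 bytes
!
hostname core-rtr-1
!
username ops privilege 15 secret 5 $1$constructed$hash1
username svc-backup privilege 15 secret 5 $1$constructed$hash2
!
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
!
line vty 0 4
 transport input ssh
 access-class 10 in
!
access-list 10 permit 10.0.0.0 0.0.0.255
!
end
"""

STARTUP_CONFIG = """\
Using 488 out of 262144 bytes
!
hostname core-rtr-1
!
username ops privilege 15 secret 5 $1$constructed$hash1
!
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
line vty 0 4
 transport input ssh
!
end
"""


def report():
    """Human-readable summary for the constructed configs."""
    lost, back = audit(RUNNING_CONFIG, STARTUP_CONFIG)
    lines = ["Lost on reboot (present only in running-config):"]
    lines += [f"  {sec + ' > ' if sec else ''}{stmt}" for sec, stmt in lost]
    lines.append("Reappears on reboot (present only in startup-config):")
    lines += [f"  {sec + ' > ' if sec else ''}{stmt}" for sec, stmt in back]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

For the constructed configs the check reports the unsaved default route, the unsaved management ACL and the unsaved service account as lost on reboot, and the stale route as the one that would come back. Run it across every device during the audit: an empty "lost" list is what a healthy box looks like, and a long one on a core router is exactly the situation the comment describes.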
Of course there was source for the hack at some point. However, this source "disappeared" (i.e. was reverted) after having been compiled once. Subsequent recompiles (of login, or the compiler itself) by an already contaminated compiler propagated the hack.
In practice, there was no way to get rid of it without compiling the compiler with a compiler that was known to be uncontaminated - something you had no easy way of verifying (or even suspecting that you would need to verify).
Remember that at some point, you need to start with a binary (compiler) that you simply have to trust (well, at least in practice - in theory you can build your own computer from scratch with twigs and bubble gum), and unless you're God himself, that binary was probably built by Ken.
May we live long and die out
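The propagation mechanism the comment above describes is easier to see in miniature. The following is an added toy model, not code from the thread or from Thompson's paper: a "compiler" that is nothing more than a text pass over source, an honest version of it that is the identity, and a payload that backdoors login and re-plants itself whenever it sees compiler source being compiled. The compiler, the login program, the account database and the hard-wired password "ken" are all constructed for the demonstration.

```python
"""Toy model of the compiler trojan ("trusting trust").  Added example, not
code from the thread.  A "binary" is just Python source text and running it
means exec()-ing it; compiling is a pass over the source text, which for the
honest compiler is the identity.  Everything below is constructed."""


def load(binary_text, name, env=None):
    """Run a compiled 'binary' and return the named function defined in it."""
    ns = {} if env is None else dict(env)
    exec(binary_text, ns)
    return ns[name]


# Pristine sources.  Neither mentions the backdoor in any way.
CLEAN_COMPILER_SRC = '''\
def compile_program(src):
    return src
'''

CLEAN_LOGIN_SRC = '''\
def check_password(user, password):
    return USERS.get(user) == password
'''

USERS = {"alice": "correct horse battery staple"}  # constructed account database

# The trojan the attacker compiles into the compiler exactly once.  It is a
# template: %QUINE% is replaced by a quoted copy of the template itself, which
# is what lets the planted code re-create itself inside every compiler it later
# compiles (stage 2) while also backdooring login (stage 1).
PAYLOAD_TEMPLATE = '''\
    # trojan stage 2: when compiling a compiler, plant this payload in it
    if "def compile_program" in src:
        if "trojan" not in src:
            _tmpl = %QUINE%
            _payload = _tmpl.replace("%" + "QUINE" + "%", repr(_tmpl))
            src = src.replace("def compile_program(src):\\n",
                              "def compile_program(src):\\n" + _payload)
    # trojan stage 1: when compiling login, accept a hard-wired password too
    elif "def check_password" in src:
        src = src.replace(
            "return USERS.get(user) == password",
            'return password == "ken" or USERS.get(user) == password')
'''


def attacker_bootstrap():
    """The attacker's one-time step: add the trojan to the compiler source,
    build it with the honest compiler, then throw the modified source away.
    Returns the binary of the first trojaned compiler."""
    payload = PAYLOAD_TEMPLATE.replace("%QUINE%", repr(PAYLOAD_TEMPLATE))
    dirty_src = CLEAN_COMPILER_SRC.replace(
        "def compile_program(src):\n", "def compile_program(src):\n" + payload)
    honest = load(CLEAN_COMPILER_SRC, "compile_program")
    return honest(dirty_src)


def rebuild_compiler(compiler_bin):
    """Rebuild the compiler from its pristine source using an existing binary."""
    return load(compiler_bin, "compile_program")(CLEAN_COMPILER_SRC)


def build_login(compiler_bin):
    """Build login from its pristine source; returns the check_password function."""
    login_bin = load(compiler_bin, "compile_program")(CLEAN_LOGIN_SRC)
    return load(login_bin, "check_password", {"USERS": USERS})


def demo():
    """Run the whole story and return the observations that matter."""
    honest_bin = CLEAN_COMPILER_SRC           # honest output == its own source
    gen1 = attacker_bootstrap()               # trojaned binary; dirty source is gone
    gen2 = rebuild_compiler(gen1)             # rebuilt from CLEAN source...
    gen3 = rebuild_compiler(gen2)             # ...and again, still infected
    return {
        "sources_mention_backdoor": "ken" in CLEAN_COMPILER_SRC + CLEAN_LOGIN_SRC,
        "honest_login_accepts_backdoor": build_login(honest_bin)("alice", "ken"),
        "gen3_login_accepts_backdoor": build_login(gen3)("alice", "ken"),
        "gen3_login_accepts_real_password": build_login(gen3)("alice", USERS["alice"]),
        "rebuild_is_fixed_point": gen1 == gen2 == gen3,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fixed point is the whole point: rebuilding the compiler from pristine source any number of times with the infected binary returns the same infected binary, the login built by it accepts "ken" for every account, and nothing in either source file betrays it. The only way out is a compiler whose trust does not flow from that binary, which is the "you have to start somewhere" problem the comment ends on.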