Searching For Backdoors From Rogue IT Staff

WHiTe VaMPiRe writes "When IT staff are terminated under duress, there is often justification for a complete infrastructure audit to reduce future risk to a company. Here is an exploration of the steps necessary to maintain security." Of course the first piece of advice is to basically assume you've been rooted. Ouch.

Separation of rights and duties

[damn_registrars]

A good IT department for a sizable company should have some technicians and some administrators. There is rarely - if ever - reason for technicians to have root access to servers and other administrative rights. Your admins should themselves be vetted well enough to not have to worry about them compromising your network after the fact.