Quit Your Job Tuesday

Kjell Wooding | 2001-08-28

Here at pd.o, we occasionally have to take on topics with the level of seriousness that they deserve. This is one of those Tuesdays.

What to do When Your Sysadmin Quits

The loss of a systems administrator is a serious thing. System administrators typically have root-level access to your corporate computing environment. This puts you and your organization in a difficult position when they announce that they are leaving. The following guidelines will help you through this difficult decision.

  1. First of all, despite what your feelings tell you, never trust a departing sysadmin. Though they may have provided the company with months, or even years of loyal service, a departing systems administrator can be like a wounded predator. Expect and plan for the worst.
  2. Never let a departing sysadmin clean up after himself. Once he gives notice, terminate access to all systems immediately. This will minimize damage to your company and your systems. You may want to go as far as to escort him from the building immediately. Any personal effects left behind can be boxed up and left for pickup at a later date. If you don’t trust the ex-sysadmin inside the building, arrange for pickup at a neutral location, such as behind the dumpster in the back alley.
  3. Change all system account passwords. Since it is often difficult to tell which accounts the sysadmin may have had access to, err on the side of caution and change them all.
  4. Do not let the sysadmin speak directly with his replacement(s). Insist that all communication take place through a trusted third party. This will provide an audit trail if he decides to make the transition difficult and/or legal action is later required.
  5. Keep a close eye on corporate property, especially software licenses and computer hardware. These items can easily go missing, so a timely audit of existing assets is essential. Review expense reports and ensure that all expensed-for items are turned in before his departure, even ones for which you have no use. These are all company assets, after all.
  6. Give your staff some warning. Review the situation, and ensure they are on the lookout for unethical and/or illegal behavior. You may also wish to do the same for any business associates he may have had contact with. You can not be too careful here. Remember, your sysadmin had root-level access to your corporate computing environment. The opportunities for mischief are virtually limitless. Do not worry about the reputation of your sysadmin. Your company’s best interests come first. Remember: it’s not slander if you think it could be true.
  7. Forward the system administrator’s mail to a trusted employee. You should feel no obligation to offer any kind of mail forwarding on behalf of the sysadmin. Corporate email accounts should only be used for business purposes, so any personal mail that is inadvertantly read is not yourproblem. If you feel obligated to offer some kind of email forwarding, ensure that a copy of the forwarded mails are retained for audit purposes. This is perfectly legitimate and legal, and you are under no onus to inform the ex-sysadmin that this is occurring.
  8. Bring in the professionals. Have an external auditor review and certify that your systems are free of malicious code, or back-doors. Review all firewall rules, and audit all user accounts. Remove all VPN tunnels, trust relationships, and public-key certificates. Replace all server binaries with clean ones, in case of Trojan. Perform back-ups of critical systems in the event that a malicious incident does occur. Document all vulnerabilities found, and report any discoveries to the proper authorities. Do not involve the sysadmin in these discussions. It is up to the Authorities to discover whether the vulnerabilities are malicious or accidental, and the ex-sysadmin’s reputation is no longer of concern to you.

The loss of a sysadmin is a difficult situation for any company. Through careful planning, healthy paranoia, and rigorous attention to detail, the potential damage to your business can be kept to a minimum. Be strong and do not falter. If you follow these guidelines, you’ll be well on your way to a smooth transition.

Kjell Wooding

Tuesday, August 28, 2001
PD DX

pintday.org » Fresh every Tuesday.