A few quick points here:
- If you don't have an air-gapped (or WORM) backup/archival solution, you're at risk of this. Having archive solutions on your network won't be enough, because there will be someone who can override your internal controls.
- Your termination protocols should lock down every single thing connected to anyone in IT the moment they're in the room with HR. True story: I once had to do this manually at my startup as we didn't have any automated system to deal with this at all, as our only systems administrator was being let go.
- Even if your developers aren't disgruntled, a single poorly written multiple-ssh script could have done the same thing (even with the monitoring system running, how fast could they have shut down an inadvertant worm?).
- 10 years? For that? Really? Man, the US justice system is messed up.
Posts
