An employee of mine quit his job and before he left he bragged about having knowledge of our IP address. The next day, our computer system went down and we lost 2 days of history/files. The 3rd party IT guy looked into our computer and said that someone had to have logged in and deleted the info but there would have been 2 warning signs pop up before the action could be done. I had only one person in the office yesterday when the event occurred who has nothing to gain from deleting files. She is part-time college student and I was in the office around her all the time. Could the ex-employee have used my IP address and remotely logged in and done this action? I have no knowledge about this kind of stuff and if could how can I prove it and prosecute him. There was a modem connected to the comuter and I have unplugged it so that noone from outside the office could conect in to the system until I figure out what is going on.
2007-01-21 06:10:09 · 4 answers · asked by Blank B 1 in Computers & Internet ➔ Security
Whenever a key employee leaves you MUST disable their access before they walk out the door. You must also change all administrative passwords, again before they walk out the door. If you fail to do this, it's entirely possible that the employee could access your network remotely. If you're not logging network logins properly and auditing network activity, they could do this without you finding out what account was used or where the attack came from.
The comment that 2 popup warnings would warn of this sounds like someone is blowing smoke -- I'd be very suspicious of anyone making that claim! Employees add, modify, and delete files on the network all the time as a routine part of their jobs without administrator action.
I'd consider bringing in a consultant who has knowledge of forensic network analysis. Your 3rd party guy doesn't seem to have the expertise and if he didn't enable logging and auditing on your network he's not doing his job -- unless of course he proposed it and you rejected the idea.
At this point, you MUST change all admin passwords immediately. If you have an internet connection you need to change the management passwords on your router or firewall. And you must disable the network logon account for the departed employee.
2007-01-21 06:28:57 · answer #1 · answered by Bostonian In MO 7 · 0⤊ 0⤋
Well, one way to block someone who knows your ip address is to change your password that is used for remote login. Second, if you have knowledge about how to configure your router, then log into router and find out the ip address of an outsider in router's "log" and then block that ip address. Of course, blocking would not prevent because he can use different computer to log in. So the best way is to change password for your router as well as computers that are configured for remote logins.
2007-01-21 06:22:04 · answer #2 · answered by farhan 2 · 0⤊ 0⤋
I would follow the advice of the other answers here and I would also get your police force involved make sure your tech guy saves all the logs of before after and during when this crime was committed . I would also figure out how much it cost you to fix this problem . your time employee time and lost revenue due to this guy
2007-01-21 06:47:44 · answer #3 · answered by salty 2 · 0⤊ 0⤋
Kind of Strange. You should have had the Accounts deleted immediately.
Even if deleted the files can be recovered, by Backup, or Data restore, especially if on a Local PC and not on a server
2007-01-21 06:14:50 · answer #4 · answered by Mictlan_KISS 6 · 0⤊ 0⤋