10-17-2010, 08:34 PM
TidalWave
Confirmed User
Join Date: Sep 2007
Location: Los Angeles
Posts: 2,706
Quote:
Originally Posted by ladida View Post
Most, if not all, hosts have what is called a "jumpbox". Essentially, it's a box that's allowed to go to all servers in their possession. Each employee has/should have their own ssh key; however, some utilise a "universal" key that's on the jumpbox that everyone uses, as it eases handling and changing of the key (ofc, there are way more possible ways to set these things up etc.).
I don't buy the rogue ex-employee either, but by the state of the network, I'd guess they noticed someone hacked the main box with keys and all shit broke after that. They took it all down, and are combing everything for the noticed backdoor. Sadly, if it's something like that, it's a big fail.
Any company that has this sort of system should also have it secured to specific IP addresses only. Not the techs' private home IPs, but a SINGULAR VPN IP address.

The VPN should be certificate based as well for additional security. The only way to access any company resources would be via this singular VPN IP address.
All other IPs would not have any access of any sort.

Then once an employee leaves, simply remove VPN access. No passwords to crack as it's all based on secure encrypted certificates (similar to SSL certificates).
__________________
www.SwiftNode.com
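As an added example (not part of this thread or anyone's posted code), a small POSIX shell helper that applies the setup TidalWave describes to a jumpbox `authorized_keys` file: each employee gets an individual key pinned with `from=` to the one VPN egress address, a departed employee's key is removed by its comment field, and an audit counts entries that are not pinned. The VPN address and key bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: manage a jumpbox authorized_keys so that
# every employee key is individual and only usable from the single VPN egress
# address, and audit the file for entries that break that rule.

VPN_IP="203.0.113.10"   # assumed: the VPN's single egress IP (TEST-NET-3 placeholder)

# Build one authorized_keys line pinned to the VPN address. The no-*-forwarding
# options drop capabilities a plain jumpbox hop does not need.
build_entry() {  # $1 = key type, $2 = base64 key body, $3 = employee login (comment)
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s %s %s\n' \
        "$VPN_IP" "$1" "$2" "$3"
}

# Remove an employee's key by its comment (last field) when they leave.
revoke_entry() {  # $1 = authorized_keys path, $2 = employee login
    tmp="$1.tmp.$$"
    awk -v who="$2" '$NF != who' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Audit: print how many key lines are NOT pinned to the VPN address.
# 0 means every key honours the single-IP rule; blank/comment lines are skipped.
count_unpinned() {  # $1 = authorized_keys path
    awk -v ip="$VPN_IP" '
        /^[[:space:]]*(#|$)/ { next }
        index($0, "from=\"" ip "\"") != 1 { n++ }
        END { print n + 0 }' "$1"
}

# Usage sketch (constructed data):
#   build_entry ssh-ed25519 AAAAC3...ALICE alice >> ~/.ssh/authorized_keys
#   count_unpinned ~/.ssh/authorized_keys     # expect 0 on a clean jumpbox
#   revoke_entry ~/.ssh/authorized_keys alice # on departure
```

Pair this with a `Match Address` block in `sshd_config` or a host firewall rule on the jumpbox, so the restriction does not depend on the key file alone.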