Best Practice: What to do if an administrator steals all ID files when he leaves the company

I hope this can be a Best Practice thread because I think it could be a quite common problem.

A person who is an administrator (let’s call him John) decided to take all the employees’ ID files home with him when he left the company. The company has a Domino server on the internet with port 1352 open. As Jim took the ID files from the secured area to which he had access, all ID files have password = password.

I am trying to find the best way to make sure that Jim cannot access his former company’s Domino server using any of his “stolen” ID files.

Thanks

Thomas

Subject: A bunch of things

Have a legal letter sent to the guy.

Tell the server to check passwords and enforce new passwords. You might want to roll out new keys, and tell Domino to check the public keys and to only accept people where the public key is in the NAB. Nice project.

Subject: What to do when a Certifier ID is stolen, lost or compromised

What to do when a Certifier ID is stolen, lost or compromised

Subject: Excellent link.

Subject: password=password?

I guess your first problem is storing ID files with password=password. I can’t see why you’d want to do this; it’s a rather large security hole.

I assume you don’t have password checking on - turn it on and set up password recovery, then the ID files he has will be useless.

Subject: recertify

I agree with Dan - set up ID recovery. The company I am with used to do exactly what you’re describing, and I am so glad I convinced them to go with ID Recovery. Bonus: There is no losing an ID, and you can set higher password security requirements.

For your current situation, I think recertifying the users would solve the problem. The stolen ID files would not have the new certificate, and since (it sounds like) he’s using the Notes client and ID files, that would be checked.