What steps should I take to ensure my former IT Manager no longer has access to our system?

0
10
Asked By TechieTraveler24 On

My IT Manager is leaving, and I'm concerned about the security of our web app hosted on DigitalOcean. He mentioned that if I remove his SSH key from the account, he won't have access anymore. However, since he developed most of the code on his own laptop, I'm worried that he could still have a copy or some form of access. What can I do to secure our system and confirm he can't access it anymore?

4 Answers

Answered By CuriousCoder99 On

First off, make sure you’re the new point of contact for the DigitalOcean account. Confirm that any important code is backed up and stored in a repository that you control, like GitHub or GitLab. If the code is only on his laptop, that’s a big red flag. You need to establish ownership of the code and ensure it’s in a secure place before he leaves. Also, remember to remove his SSH key immediately after he’s gone to cut off any remote access.

DeveloperDan77 -

Absolutely! Make sure you get all the existing code into a version control system as soon as possible. Consider hiring a new IT person who can help manage the transition and security.

Answered By TechSavvyTom On

Honestly, if you’re having these concerns, it may mean you need to gather more expertise on security. If you can, bring in someone with experience to help you during this transition. And remember, getting the code into a secure, centralized location is key before he leaves.

Answered By SecuritySleuth88 On

Cycling the keys is definitely a solid first step. After you remove his SSH access, double-check all the security settings of your DigitalOcean account. It's crucial to limit remote access to only necessary ports and IPs. Also, think about using a VPN for accessing the server moving forward. Keeping your architecture secure is key.

Answered By CautiousConsultant55 On

Just a heads up, even after you remove his access, you can’t be 100% sure he’s completely locked out. Ensure there are no back doors or hidden scripts in your web app. It might be worth conducting a security audit or having a professional take a look once he’s gone. Don't underestimate potential loopholes.

InformedInvestor22 -

Exactly! If he had root access, there might be vulnerabilities that can be exploited. It’s better to be safe and thorough.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.