Question

An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he's had during his tenure. Recently, supervisors admonished him for making unauthorized changes to systems. He once again made an unauthorized change that resulted in an unexpected outage and management decided to terminate his employment at the company. He came back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the datacenter. What could have discovered problems with this user's account while he was employed

Answer 1

User roles and access authorization

(Explanation of this question is given below in the explanation section.

Step-by-step explanation:

As noted in question that a terminated employee comeback in office and installed some malicious script on a computer that was scheduled to run a logic bomb on the first day of the following month. And, that script will change administrator passwords, delete files, and shut down over 100 servers in the data center.

The following problem can be with that account

• Unauthorized user access and privileges

The user may be given unauthorized access to system resources. If a user has unauthorized access to system resource then he can modify or destroy the system function easily.

• The firewall may be disabled to detect the malicious script

The firewall should be enabled to detect such types of attack from unauthorized access to the system

• Role

May be user role is not defined properly. If role would be defined according to user role then there are very fewer chances in doing unauthorized changes in the system that will result in an unexpected outage.