Without getting into all the details I will say that we have had several cases with our IT department where one thing was said and another done.
My question is concerning VPN. We currently have a Cisco router and our Network admin stated that nobody had access via VPN.
2 Days later we found out that an employee was working from home using a VPN connection.
While I'm leaving major details out from the "problems" that occured the question is simple.
We instructed the individual to change all the passwords out on the VPN accounts, and to set another person other then herself as Admin as she can not be trusted.
her response was that there is NO ADMIN account when speaking of VPN accounts she said they are just log ins.
While she proceded to show me on her screen I noticed that two names had the words "secret" and "priveledged" next to the user names.
When I asked why they said that...she replied that it was an "encryption" system.
1) How do I know if there are more VPN accounts that are created that I'm not being told about.
2) Is there such as thing as an Admin account and she just does not want to pass over the control?
Thanks for your time, as you may expect my IT knowledge is limited but this does not sound right.
Thanks in advance.
if its says something like secret and privileged .. it may look like the following:
username blahblah password <blalalaa> privilege 15
ask ur netadmin for the "enable" password
and the config file itself. this mostly brought up concerns legally.. but if your on another country other than US.. it's a bit concerning considering that if this router is the only way out for your company to work in... it would really be a hassle if it goes down.
there's quite a few nasty IT guys out there that companies would hire and get a "firm" hold of all the passwords within the infrastructure and there would be NO copy of the passwords/access to upper management... I guess it can be a nasty way of stating "job security"
I know someone that does that on where i work
anyways.. just my 0.2cents