Re: IT Management Question
Well on all your critical servers you need to check all the TASKS scheduled and all the services running. Some of the backdoors are suppose to trigger at a certain time.
But checking specifcally for backdoor is a painstaking job.
Like Faizy said, one need to disable the account immediately. I would say that dont delete the account for some time. Just forthe sake of inventory later wards.
and check all the groups he is member of..
Ill ask our security admin for that , and ill get back to you.