network security research - to help keep paranoia under control
The Router provides a view of what computers are connecting to the internet
NAT sessions table which shows what internal private IP addresses are accessing (or being accessed) in the world... Data Flow Monitor (realtime display of tx/rx/and sessions)
Rasmgmt.msc shows ms vpn tunnel connections (username & private ip)
Command line tools with a hardware inventory (MAC's) shows if any "foreign" MAC's appear...
ping ip arp -a
The domain admin and a computer on the domain allows administrative shares and remote command prompts
NET USE \computername\c$ z:?
If mapped to a network drive allows remote virus scanning of files
clamwinportable, malware anti-bytes, kaspersky, nod32
Using system internals pstools psexec.exe:
psexec \nnn.nnn.nnn.nnn cmd
then netstat -a
or netstat -an (to skip name resolution and just see ip addresses)
netstat -ao > all-listening-and-established-ports-with-process-id.txt procexp.exe (system internals winxp very useful process/thread/dll viewer)
investigate remote connections through NAT sessions
with IP Address GEO Locators & whois tools (http://network-tools.com/) http://www.maxmind.com/app/locate_ip
This slow manual method, once mapped out & documented, does at least show you what your "baseline" security looks like:
e.g. MS VPN server (port 1723) Web Server (port 80) Email Server (ports 25 & 443) NTP client (port 123)
Network Time Protocol DNS?