How to know who and how some one accessed a Windows client

[CELE1]

Thanks for those who have time to respond.

This is my doubt:
If you know that some one hack a Windows machine, how to know from which station and how it was done, in this particular case in a internal environment (same LAN).

Does any one have an idea, what can I do to audit/strike back since we (and I think no one) have a firewall neither a intrusion detection pointing to the whole LAN.

Once again, thanks in advance.

 

[GiaBetiu]

The only way is to have installed on posible target stations a personal firewall (like BlackIce, or ZoneAlarm). Gia Betiu
m.betiu@chello.nl
Computer Eng. CNE 4, CNE 5

 

[Sapient2003]

CELE1--
Most LANs keep some sort of connection log. The log in itslef will not prove that a computer hacked another, it will just prove that there was a connection made. It is just a start. Good luck. --Sapient2003 - sapient@sapient2003.com
"The worst insecurity is beleiving you are too secure."

 

[Viscereal]

How big is the LAN and how much do you want to spend for security. I would suggest Sgt labs,

http://www.sgtlabs.com.

I can tell you now you cannot beat their product to determine what's rolling on your network.

-Viscereal-