Recently I took over some IT duties at a local business; apparently the last IT guy went a bit coo-coo, but that’s a different matter. My problem is that before he left he was bragging to all the staff about how he can remotely access the network whenever he feels like it and do whatever he pleases to the sensitive data stored on it. I have been doing a few checks to cut off his access but I want to be 100% sure that he can’t get in.

The setup is a simple network which is focused around the server (running win 2000 sp4). This server is connected to the rest of the network and the internet via an ADSL modem/router. The rest of the computers on the network are running win xp sp2.

This is what I have done so far. Firstly, I checked to see if the router has a VPN option, which it doesn’t, and the remote configuration option is disabled. Next I uninstalled pcAnywhere from all of the PCs (I suspect that this is what he was using but I’m not sure). I also checked if the PCs have a dial-up connection but none of them have. I have begun doing some research about terminal services and telnet but it’s a bit over my head. It seems that there are numerous ways he can access this network and there are probably even more that I don’t know about.

The catch is that they do not use firewall software, as no matter how much it is tweaked it seems to interfere with their booking system.

Now, what I'm really interested in is:
1. Is there other software similar to pcAnywhere that can be running hidden on the machines somewhere? (Unfortunately formatting the machines is not an option)
2. If there is such, is there anything I can download to detect this vulnerability? (Without using a firewall.)
3. If I need to use a firewall, would a certain port number need to be disabled in the firewall for programs such as pcAnywhere to be able to run? If so, can I enable this port or reinstall the firewall?
4. Can telnet be used for remote administration, and if so, can this be prevented?
5. Does terminal services run on win 2000 or is it only on 2000 server? If it does run on win2000, can it be disabled?
I will be happy to give the points to whoever can answer these questions and perhaps make some other suggestions that I have not thought of. Basically I just want to be 100% sure he can no longer access the network remotely, if there is a simple way to cover all these bases I would appreciate if someone could step me through it. Thank you in advance.