I am, at this time, a strictly self taught system administrator on about a 25 PC network for a mid-sized police department. I pull “double duty” as a patrolman as well. We are running WinNT4 on one PDC and two BDCs with clients running WinNT4 Wkst/Win95/98. Due to our Nationally Accredited status, I am required as of this month to perform a first annual full security audit of our network with a written report. I am reasonably knowledgeable and have maintained and expanded this network since April of last year, adding two ADSL internet connections and setting up WinRoute Lite to handle NAT and provide that connection to other PCs on the network. The connection is always active. My main concern as far as security is my own lack of education on outside intrusion. My first recommendation in this audit is to get me some formal training in security issues! I only very generally understand what NAT does. If an outside hacker gets around that, what is the likelihood that his attempts to connect to the network will show up in the security log? Or, if WinRoute stops his efforts, will it show up in the security log then? What about intrusion detection software? WinRoute Lite does none of that. I expect there would be conflicts with Winroute Lite and any intrusion detection stuff – two separate pieces of software trying to do a similar job with the same aspect of NT. Agree? Workarounds? I currently have all shares set so that only authenticated domain users can log on. I guess I’m looking for some direction here with whatever specifics can be offered. I have no clue how to do a full and formal written security audit. I’m sure I can accomplish it but I am concerned about my serious lack of “hacking and anti-hacking” knowledge. Some serious input would be appreciated. Thanks!